Malwarebytes State of Malware 2019: Mac outpaced Windows for endpoint threats

Malwarebytes State of Malware 2019

Malwarebytes State of Malware 2019 says Macs were the focus of attacks in 2019.

To put Malwarebytes State of Malware 2019 in perspective, you need to ask about the methodology. Malwarebytes is a highly effective adware, malware, adware, potentially unwanted program (PUP) scanner used primarily by business. Its free scanner is my choice to check on the efficiency of other AV apps.

So, its ‘audience’ is a snapshot of its users. Malwarebytes State of Malware 2019 (report here) comprises data sets collected from product telemetry, honey pots, intelligence, and research conducted by Malwarebytes threat analysts.

So in making any statement, it knows the number/type of endpoints and relates that back to incidents per endpoint type. The report has statistical merit.

Malwarebytes State of Malware 2019

In general

Adware (cybercriminals use malware to deliver unwanted ads to gain revenue) reigns supreme for both consumers and businesses on Windows, Mac, and Android using ever more aggressive techniques.

While Adware is more a nuisance the difficulty in removing it escalated.

Malwarebytes State of Malware 2019 Adware

Mac summary

  • Adware: 30 million Mac detections (24 million Windows)
  • Mac threats increased more than 400% over 2018
  • 11 threats per Mac endpoint (5.8 threats Windows)
  • Top of the list is adware NewTab

Macs became the more attractive targets to cybercriminals. macOS built-in security systems have not cracked down on adware and PUPs to the same degree as malware. It leaves the door open for borderline programs to infiltrate.

Malwarebytes State of Malware 2019 macOS
There are holes in macOS when it comes to Adware and PUPs

NewTab is an adware family that attempts to redirect searches in the web browser. It comes in apps with embedded Safari extensions. These include fake flight, package tracking, maps, or directions pages.

Traditional Mac malware, such as backdoors, cryptominers, and spyware came via by a group of files exhibiting similar malicious behaviours. OSX.Generic.Suspicious is a group of detections all exhibit known bad behaviours that no legitimate software program would engage in.

Malwarebytes State of Malware 2019

Only one incident involved anything other than tricking the user into downloading and opening something they shouldn’t.

Malwarebytes says Mac users can no longer say that their beloved systems are immune from malware. And despite the relative low-grade hassle from adware compared to that of, say, ransomware, these families are becoming more and more aggressive. They are displaying malicious and persistent behaviours to trick users into a false sense of security.

If 2019’s threat landscape tells us anything, it’s that it’s time to take a good hard look at Mac security and finally get serious.

Windows summary

Global Windows malware detections stayed at 2018 levels. But attacks on business endpoints increased by 13%. Cybercriminals follow the money looking for high ROI victims.

Malwarebytes State of Malware 2019 Windows 10

As the business world finally moves the security-hardened Windows 10, the efficacy of old malware relying on un-patchable CVEs dries up. And Windows users are more likely to run AV whether it be the free Windows Defender or a paid product. Windows users are perhaps more aware of the need for care.

In the consumer area, it was Adware and bitcoin mining relying on vulnerabilities in older Internet Explorer and more recently the Chrome engine (the latest attack vector). Making money from Crypto mining has almost dried up. Trojan/ransomware activity declined because consumers simply won’t pay the ransom.

Malwarebytes State of Malware 2019

In the business area, Trojan-turned-botnets Emotet and TrickBot returned in 2019 to terrorise organisations alongside new ransomware families, such as Ryuk, Sodinokibi, and Phobos.

Malwarebytes State of Malware 2019

A flood of hack tools and registry key disablers made a splashy debut in our top detections. This reflects a greater sophistication by today’s business-focused attackers.

iOS summary

iOS malware exists, but there’s no way to scan for it (Apple will not allow AV companies access). Most iOS malware is nation-state malware, spread via targeted attacks through ‘secret’ iOS vulnerabilities/backdoors, such as NSO’s Pegasus spyware. This year China used iOS zero-days to infect phones in targeted attacks against the Uyghur and Hong Kong people.


An unprecedented zero-day vulnerability dubbed checkm8 was found in iPhone boot ROMs (up to iPhone X) as well other iOS, watchOS, and tvOS devices. You cannot patch a boot ROM; the only way to fix the bug is to buy a new iPhone 11 or device.

Android Summary

There are two types of Android malware, and one is extremely devious.

Pre-installed Malware – needs access to a device at the manufacturer level

Adups is a malicious app found on many Chinese-made low-cost Android mobiles. This baked-in auto-installer has administrator rights to update the device’s firmware, but it also steals personal information, contacts, SMS, photos and more. It can install Android Trojans and adware.


It is most prevalent on ‘international’ (non-Australian certified) phones sold by online marketplaces like Amazon, Kogan/Dick Smith, Mobileciti etc. or for phones purchased overseas.

Run Malwarebytes to see if it is on your phone. It is damned hard to remove as its ‘baked-in’ and often reoccurs randomly. There is a strong rumour that it is linked directly to the Chinese Communist Party as is ‘Study the Great Nation’ app.

Great Nation


Stalkerware (for iOS and Android)

The new threat is stalkerware. Apps that enable users to monitor another’s every digital move. That includes collecting data without their informed consent: GPS location data, photos, emails, text messages, call logs, contacts lists, non-public social media activity, and more.


Some stalkerware apps are installed without displaying an icon or remotely operate a user’s device, microphone, or camera. With over 100 new variants added in 2019, we are taking an even harder stance on these creepy apps, some of which still appear in Google Play and Apple’s iTunes stores.

Adware is an ongoing issue as the entire monetary basis of Android is serving ads. Symptoms are the aggressive display of advertisements including but not limited to: ads in notifications, on the lock screen, and full-screen pop-ups. Much of this comes in so-called Ad-blockers and other fake apps.


Web threats

You can get an infection simply by visiting an infected website- called Drive-By Shootings.


It may be a combination of a phishing email (with a compromised Word.doc or steganographic image) directing you to a website where the final payload downloads and combines to form malware. Or you may be using an old version of IE or even Chrome (including the new MS Chromium-based Edge), less so with Firefox.

Adware on old Windows

Online shoppers are the target of credit card skimmers/scrapers, also known as web skimmers. More generally referenced as Magecart. Unlike other attacks that often require infection (banking Trojans) or social engineer them (phishing), web skimming works quietly on all devices and browsers. This makes it particularly effective and scalable to harvest and monetise stolen credit cards.

Malvertising takes control of your search engine and redirects you to advertising pages.

Bitcoin miners use your computers CPU while you are on a site.


Industry threats

Threat actors (likely State-sponsored) turned up the heat on industry attacks, bringing US cities to a screeching halt with ransomware infections, halting daily instruction in schools compromised with Emotet, and putting patient lives at risk in TrickBot attacks on healthcare organisations.

Malwarebytes State of Malware 2019

Data Privacy

Malwarebytes comments that big and small tech is subject to extreme attacks to gain user data. Or they just sell it to monetise it!

data leak
Data leaks are the norm

2019 was supposed to be the year of privacy, but users fell over themselves to give their data away on scams as evident as ‘win a pizza to share with friends’.

Maybe by 2029, we will see meaningful legislation and protection for your data.

And for 2020

  1. Ransomware will focus on those that pay – businesses
  2. Web skimmers are easy money, and it won’t be safe to buy on-line. We can expect to see many novel attack techniques introduced.
  3. Web surfing will be even more dangerous if you use an old browser or Chromium based one
  4. Biometrics and genetic tracking, e.g., Facial recognition, consumer DNA kit, menstrual tracking, baby-making, private health information etc. will result in way too much personal data sold. The increased use of biometric data for authentication calls for stronger regulations for data privacy. Consumers and pro-privacy organisations will push hard on lawmakers to make that a reality in 2020.
  5. US voters will call into question the reliability of the voting process, especially if the results of the 2020 presidential election once again fail to align with Democrat projections. But it is really fake news with Nation-state actors tasked with destabilising the country. Scammers and malware authors will use the election to spread their threats via phishing emails. Unfortunately, users following propagandist or radial publications on both sides of the political spectrum will believe what they want to believe. Regardless of scam tactics or potential voting machine compromises, the real threat will be the attacks on our hearts and minds through social media and media manipulation.
  6. Hybrid attacks are the new black. Get a foot in the door with phishing or adware, visit a site and get part two of the malware. Then wait for ‘dwell-time’ to strike when the information flow back to cybercriminals says its time.
Facial ID
Personal data is the new gold

GadgetGuy’s take – Malwarebytes State of Malware 2019. It is my weapon of choice

Please know that we publish most security materials as a public service under the title eSafety. The more you read, the more you may take heed.

Malwarebytes focuses on endpoints – phones and computers where a threat can get a foothold and spread further to the network. It has enterprise protection too.

Make no mistake – if you surf the web, buy on-line, get caught by a socially engineered phishing email or whatever without suitable protection, you are in for a world of pain.

We recently reviewed Norton 360 – the companies comprehensive suite. It is damned expensive but at least twice a year it has saved my families bacon. I run it on every computing device because you can’t afford a weak link.

Whether its Norton, Kaspersky, McAfee et al. you need paid protection. Protection is perhaps not the right word – it smacks of mafia standover tactics.

The right words are confidence and resilience. The ability to use the internet with some confidence and the resilience to withstand attacks when you do.