Tag: malware

  • Mac users beware: AI-powered malware threats are on the rise

    Apple devices are believed to be pretty secure, and that’s what the company will tell you. You might have seen the tagline “Privacy. That’s Apple.” in their promotions. 

    However, the tech landscape is changing, and even Apple products aren’t beyond cybercriminals’ reach. 

    A new report suggests Mac users will need to be more vigilant this year because AI advancements are helping hackers breach even the most secure systems. I have consistently reported on how Mac malware is targeting users, and experts now believe this will only get worse.

    The rise of cyberattacks on Apple devices

    Mac malware is not what it used to be. For years, the biggest threats were annoying adware and browser hijackers, more of a nuisance than a real danger. But that is changing fast. As highlighted by Malwarebytes, a new wave of information stealers is taking over, and they are far more dangerous, going after passwords, authentication cookies, credit card details and even cryptocurrency.

    This shift started in mid-2023 with the arrival of Atomic Stealer, also known as AMOS, a piece of malware that looked much more like something you would see on Windows than the typical Mac threats. AMOS was not just effective. It was easy to use and sold as a service for $1,000 a month with a slick web-based control panel. That success led to the rise of even more dangerous variants.

    One of them, Poseidon, launched in mid-2024 and quickly became the dominant Mac stealer, responsible for 70% of infections. It can drain over 160 different cryptocurrency wallets, steal passwords from browsers and password managers and even grab VPN credentials.

    At the same time, cybercriminals have doubled down on malvertising, using fake ads on Google and Bing to trick users into downloading malware instead of real software. These campaigns are highly targeted, allowing attackers to pinpoint Mac users and serve fake downloads based on their searches. With AI now being used to create and execute many of these attacks, they are likely to increase in scale.

    Things are worse for Android users

    While Mac malware is evolving, the situation on Android is even more alarming. Phishing attacks on the platform have reached staggering levels, with thousands of malicious apps designed to steal credentials and bypass security measures.

    So far in 2024, researchers have detected 22,800 phishing-capable apps, alongside 3,900 apps designed to read OTPs from notification bars and 5,200 apps capable of extracting OTPs from SMS messages. These numbers highlight how widespread and effective Android phishing malware has become.

    Just like phishing emails, phishing apps trick users into handing over their usernames, passwords and two-factor authentication codes. Once stolen, these credentials can be sold or used for fraud, identity theft or further cyberattacks. Because phishing apps require minimal code and fewer permissions than traditional malware, they are much easier to sneak onto app stores, including Google Play.

    Many phishing apps look like regular, fully functional software. Some impersonate games or utilities, while others appear as cracked versions of popular apps like TikTok, WhatsApp or Spotify. Some stay dormant for days to avoid detection before launching their attacks. Others rely on ad functionality to redirect users to phishing sites, making the malicious code harder to trace.

    Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices.

    5 tips to protect your devices from malware

    Follow these essential tips to safeguard your devices from the latest malware threats, including the notorious info stealer malware.

    1. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    2. Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store, Google Play Store or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.

    3. Keep your software updated: Ensure that macOS, Android and all installed applications are up to date. Apple and Android frequently release security patches and updates that address vulnerabilities. Enable automatic updates for macOS, Android and your apps to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.

    4. Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here. It generates and stores complex passwords for you, making them difficult for hackers to crack. 

    It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed Password Managers of 2025 here.

    5. Use two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, Google account, email and any financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password.

    Kurt’s key takeaways

    The days when Mac users could assume they were safe are long gone. Cybercriminals are evolving their tactics, with Mac malware shifting from simple adware to advanced information stealers. Android phishing apps are also becoming harder to detect and more widespread than ever. From stealing passwords and authentication cookies to intercepting OTPs and draining cryptocurrency wallets, these threats are growing in both sophistication and scale. No platform is immune, and as cybercriminals continue refining their techniques, users and organizations must stay ahead with strong security measures.

    Do you trust official app stores like the App Store and Google Play, or do you think they need to do more to prevent malware? Let us know by writing us at Cyberguy.com/Contact

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Screenshot-scanning malware discovered on Apple App Store in first-of-its-kind attack

    Every tech expert will tell you the App Store is safer than Google Play Store. Some might even claim it is impossible to download a malicious app from the App Store, but they are wrong. 

    While I admit the App Store is a secure and tightly controlled ecosystem, it cannot completely shield you. Security researchers have found that hackers are targeting several apps on the App Store to spread malware that steals information from screenshots saved on a device. 

    The issue also affects those downloading apps from the Google Play Store.

    How the malware works and what makes it different

    According to researchers at Kaspersky, this malware campaign is more advanced than typical info stealers, both in how it works and how it spreads. Instead of relying on social engineering tricks to get users to grant permissions like most banking trojans or spyware, this malware hides inside seemingly legitimate apps and slips past Apple and Google’s security checks.

    One of its standout features is Optical Character Recognition. Instead of stealing stored files, it scans screenshots saved on the device, extracts text and sends the information to remote servers.

    Once installed, the malware operates stealthily, often activating only after a period of dormancy to avoid raising suspicion. It employs encrypted communication channels to send stolen data back to its operators, making it difficult to trace. Plus, it spreads through deceptive updates or hidden code within app dependencies, an approach that helps it evade initial security screenings by app store review teams.

    The infection vectors vary between Apple and Google’s ecosystems. On iOS, the malware is often embedded within apps that initially pass Apple’s rigorous review process but later introduce harmful functionality through updates. On Android, the malware can exploit sideloading options, but even official Google Play apps have been found to carry these malicious payloads, sometimes hidden within SDKs (software development kits) supplied by third-party developers.

    What’s being stolen, and who’s responsible?

    The scope of stolen information is alarming. This malware primarily targets crypto wallet recovery phrases but is also capable of exfiltrating login credentials, payment details, personal messages, location data and even biometric identifiers. Some versions are designed to harvest authentication tokens, allowing attackers to access accounts even if users change their passwords.

    The apps serving as malware carriers include ComeCome, ChatAi, WeTink, AnyGPT and more. These range from productivity tools to entertainment and utility apps. In some cases, malicious developers create these apps with full knowledge of the malware’s purpose. In others, the issue appears to be a supply chain vulnerability, where legitimate developers unknowingly integrate compromised SDKs or third-party services that introduce malicious code into their applications.

    We reached out to Apple for a comment but did not hear back before our deadline. 

    Messaging app in the App Store designed to lure victims. (Kaspersky)

    Apple’s response to screenshot-scanning malware discovered in App Store

    Apple has removed the 11 iOS apps mentioned in Kaspersky’s report from the App Store. Furthermore, they discovered that these 11 apps shared code signatures with 89 other iOS apps, all of which had been previously rejected or removed for violating Apple’s policies, resulting in the termination of their developer accounts.

    Apps requesting access to user data such as Photos, Camera or Location must provide relevant functionality or face rejection. They must also clearly explain their data usage when prompting users for permission. iOS privacy features ensure users always control whether their location information is shared with an app. Also, starting in iOS 14, the PhotoKit API — which allows apps to request access to a user’s Photos library — added additional controls to let users select only specific photos or videos to share with an app instead of providing access to their entire library. 

    The App Store Review Guidelines mandate that developers are responsible for ensuring their entire app, including ad networks, analytics services and third-party SDKs, complies with the guidelines. Developers must carefully review and choose these components. Apps must also accurately represent their privacy practices, including those of the SDKs they use, in their privacy labels.

    In 2023, the App Store rejected over 1.7 million app submissions for failing to meet its stringent privacy, security and content standards. It also rejected 248,000 app submissions found to be spam, copycats or misleading and prevented 84,000 potentially fraudulent apps from reaching users.

    What Google is doing to stop malware 

    A Google spokesperson tells CyberGuy: 

    “All of the identified apps have been removed from Google Play and the developers have been banned. Android users are automatically protected from known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.”

    However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. Here’s why:

    What Google Play Protect can do:

    • Scans apps from the Google Play Store for known threats.
    • Warns you if an app behaves suspiciously.
    • Detects apps from unverified sources (sideloaded APKs).
    • Can disable or remove harmful apps.

    What Google Play Protect can’t do:

    • It does not provide real-time protection against advanced threats like spyware, ransomware or phishing attacks.
    • It does not scan files, downloads or links outside of Play Store apps.
    • It may miss malware from third-party app stores or sideloaded apps.
    • It lacks features like VPN protection, anti-theft tools and privacy monitoring.

    5 ways users can protect themselves from such malware

    1. Use strong antivirus software: Installing strong antivirus software can add an extra layer of protection by scanning apps for malware, blocking suspicious activity and alerting you to potential threats. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    2. Stick to trusted developers and well-known apps: Even though malware has been found in official app stores, users can still minimize their risk by downloading apps from reputable developers with a long track record. Before installing an app, check its developer history, read multiple reviews and look at the permissions it requests. If an app from an unknown developer suddenly gains popularity but lacks a strong review history, approach it with caution.

    3. Review app permissions carefully: Many malicious apps disguise themselves as legitimate tools but request excessive permissions that go beyond their stated purpose. For example, a simple calculator app should not need access to your contacts, messages or location. If an app asks for permissions that seem unnecessary, consider it a red flag and either deny those permissions or avoid installing the app altogether. Go to your phone settings and check app permissions on your iPhone and Android.

    4. Keep your device and apps updated: Cybercriminals exploit vulnerabilities in outdated software to distribute malware. Always keep your operating system and apps updated to the latest versions, as these updates often contain critical security patches. Enabling automatic updates ensures that you stay protected without having to manually check for new versions.

    5. Be wary of apps that promise too much: Many malware-infected apps lure users by offering features that seem too good to be true — such as free premium services, extreme battery optimizations or AI-powered functionality that appears unrealistic. If an app’s claims sound exaggerated or its download numbers skyrocket overnight with questionable reviews, it’s best to avoid it. Stick to apps with a transparent development team and verifiable functionalities. 

    Kurt’s key takeaway

    The new malware campaign highlights the need for stricter vetting processes, continuous monitoring of app behavior post-approval and greater transparency from app stores regarding security risks. While Apple and Google have removed the malicious apps upon detection, the fact that they made it onto the platform in the first place exposes a gap in the existing security framework. As cybercriminals refine their methods, app stores must evolve just as quickly or risk losing the trust of the very users they claim to protect.

    Do you think app stores should take more responsibility for malware slipping through? Let us know by writing us at Cyberguy.com/Contact

  • Beware of fake Reddit solutions delivering dangerous malware

    Sometimes, when you need an answer to a complex life situation or a way to troubleshoot an error on your computer, regular articles on the web don’t help. Some issues are so niche that no one writes about them, and those who do often say nothing useful in 1,000 words. 

    In these cases, adding Reddit to your search query can be a game changer. Nine times out of 10, someone on Reddit has faced the same issue, and there’s probably a solution. 

    But bad actors have caught on to this, too. They’re now mimicking Reddit to spread malware that can steal your personal information.

    What you need to know about fake Reddit pages

    Hackers are distributing nearly 1,000 fake websites mimicking Reddit and WeTransfer to spread the Lumma Stealer malware. These sites are designed to trick you into downloading malicious software by imitating legitimate discussions and file-sharing services.

    On these fake Reddit pages, attackers create a fabricated discussion where one user asks for help downloading a tool, another offers a WeTransfer link and a third expresses gratitude to make the exchange seem real. Clicking the link redirects victims to a counterfeit WeTransfer site, where the download button delivers the Lumma Stealer malware.

    All these fake pages have the following things in common:

    • The websites include a brand name (like “Reddit” or “WeTransfer”) followed by random characters to appear legitimate at first glance
    • They use “.org” or “.net” domains instead of the official one, which is “.com”
    • The interface closely mimics the real sites to deceive users

    These fake websites were discovered by Sekoia researcher crep1x, who compiled a full list of the pages involved in the scheme. In total, 529 of these sites mimic Reddit, while 407 impersonate WeTransfer to trick users into downloading malware.

    According to BleepingComputer, hackers may be driving traffic to these fake pages through methods like malicious ads (malvertising), search engine manipulation (SEO poisoning), harmful websites, direct messages on social media and other deceptive tactics.

    The dangers of info-stealer malware

    Hackers are using fake Reddit pages to spread Lumma Stealer, a powerful malware designed to steal personal data while staying under the radar. Once it infects a device, it can grab passwords stored in web browsers and session tokens, allowing attackers to hijack accounts without even needing a password.

    But Reddit isn’t the only way this malware spreads. Hackers also push it through GitHub comments, deepfake websites and shady online ads. Once they steal login credentials, they often sell them on hacker forums, where others can use them for further attacks.

    This type of malware has already played a role in major security breaches, including attacks on PowerSchool, Hot Topic, CircleCI and Snowflake. It’s a growing threat, especially for companies that rely on password-based security.

    6 ways to protect yourself from info-stealing malware

    1. Be cautious with download links: Avoid downloading files from random Reddit discussions, social media messages or unfamiliar websites. If an unknown user shares the link or seems out of place in the context, it’s better to err on the side of caution. If the link is directing you to a file-sharing site like WeTransfer or Google Drive, double-check the URL for any signs of manipulation—like random characters added to the domain name.

    2. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware originating from these Reddit discussions, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    3. Verify website URLs: Fake websites often look convincing but have slight differences in their URLs. Check for misspellings, extra characters or unusual domains (e.g., “.org” or “.net” instead of the official “.com”).

    4. Use strong, unique passwords and enable 2FA: A password manager can help generate and store strong passwords for each site. Meanwhile, enabling two-factor authentication (2FA) adds an extra layer of security, making it harder for attackers to hijack your accounts. Get more details about my best expert-reviewed Password Managers of 2025 here.

    5. Keep your software updated: Regularly update your operating system, apps, browsers and other software on your PC or mobile devices. Updates often include patches for security vulnerabilities that hackers can exploit.

    6. Watch out for malvertising and SEO traps: Hackers manipulate search engine results and run deceptive ads to trick users into visiting fake sites. Stick to official sources and avoid clicking on ads or search results that seem too good to be true. 
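
    The traits listed earlier for the fake pages (a brand name followed by random characters, ".org" or ".net" instead of ".com") and the URL check in tip 3 can be automated for triage of links from mail or proxy logs. This Python code is an added example, not part of the original article or of the researchers' work; the hostnames are constructed samples, and the official-domain table and the naive last-two-labels domain split are assumptions.

```python
"""Flag hostnames that imitate a brand the way the fake Reddit/WeTransfer pages do."""
from urllib.parse import urlsplit

# Assumption: brand label -> the ".com" domain the article names as official.
OFFICIAL = {"reddit": "reddit.com", "wetransfer": "wetransfer.com"}
# TLDs the article says the fake sites use in place of ".com".
LOOKALIKE_TLDS = {"org", "net"}


def registrable(host):
    """Return the last two labels of a hostname.

    Assumption: good enough for .com/.org/.net; it does not handle
    multi-part public suffixes such as co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_url(url):
    """Classify a URL as 'official', 'lookalike' or 'unrelated'.

    Returns (verdict, reasons); reasons explains every lookalike verdict.
    """
    # Accept bare hostnames ("reddit.com/r/x") as well as full URLs.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL.values():
        return "official", []

    name, _, tld = domain.rpartition(".")
    for brand in OFFICIAL:
        if not name.startswith(brand):
            continue
        reasons = []
        extra = name[len(brand):]
        if extra:
            reasons.append(f"'{brand}' followed by extra characters '{extra}'")
        if tld in LOOKALIKE_TLDS:
            reasons.append(f".{tld} instead of the official .com")
        if not reasons:
            reasons.append(f"'{brand}' on a non-official domain")
        return "lookalike", reasons
    return "unrelated", []


def triage(urls):
    """Return {url: reasons} for every URL classified as a lookalike."""
    flagged = {}
    for url in urls:
        verdict, reasons = check_url(url)
        if verdict == "lookalike":
            flagged[url] = reasons
    return flagged


# Constructed sample links (not taken from the researcher's list).
SAMPLE_URLS = [
    "https://www.reddit.com/r/techsupport/",
    "https://reddit-15gk.org/thread/help-with-download",
    "wetransfer-k9x2.net/downloads/tool",
    "https://wetransfer.com/downloads/abc",
    "https://example.org/blog",
]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_URLS).items():
        print(url)
        for reason in reasons:
            print("   -", reason)
```

    A match is a prompt for manual review, not proof of malice: the check is a name heuristic and will also flag harmless domains that merely start with a brand name.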

    Kurt’s key takeaway

    Hackers are getting sneakier, using fake Reddit and WeTransfer pages to spread dangerous malware like Lumma Stealer. These sites might look real, but they’re designed to steal your personal info. To stay safe, always double-check links and be cautious about downloading files from unfamiliar sources. Use strong, unique passwords, enable two-factor authentication and keep your software updated to stay one step ahead of cybercriminals.

    Have you ever encountered a suspicious link on Reddit or social media? How did you handle it? Let us know by writing us at Cyberguy.com/Contact.

  • Mac malware mayhem as 100 million Apple users at risk of having personal data stolen

    Apple’s Macs are generally considered more secure than Windows PCs, but they are not immune to hackers. Numerous incidents demonstrate that Macs are not impenetrable, and a new one has recently been added to the list. Security researchers have discovered a new variant of stealer malware that targets browser credentials, cryptocurrency wallets and other personal data. I reported on this malware in 2024 as well. Previously, it relied on macOS browser extensions to steal data. Now, it uses phishing websites and fake GitHub repositories to target Macs, which have a user base of 100 million people.

    The evolution of info-stealer Mac malware

    Cybersecurity company Check Point has discovered a new variant of info-stealer malware, BanShee. Elastic Security Labs first highlighted this malware in mid-2024, noting that it operates as malware-as-a-service, a business model in which cybercriminals provide access to malicious software and related infrastructure for a fee. At that time, it was available for as much as $3,000 per month.

    Check Point says this malware evolved in September after being exposed. This time, its developers had “stolen” a string encryption algorithm from Apple’s own XProtect antivirus engine, which replaced the plain text strings used in the original version. Since antivirus programs expect to see this kind of encryption from Apple’s legitimate security tools, the encrypted strings weren’t flagged as suspicious, allowing BanShee to remain undetected and quietly steal data from targeted devices.

    How the Mac malware operates

    BanShee Stealer is a prime example of how advanced malware has become. Once it’s on a system, it gets straight to work stealing all kinds of sensitive information. It goes after data from browsers like Chrome, Brave, Edge and Vivaldi, as well as cryptocurrency wallet extensions. It even takes advantage of two-factor authentication (2FA) extensions to grab credentials. On top of that, it collects details about the device’s software and hardware, as well as the external IP address.

    The Mac malware also shows fake pop-ups that look like real system prompts, tricking victims into entering their macOS passwords. Once it has gathered the stolen information, BanShee exfiltrates it to command-and-control servers, using encrypted and encoded files to ensure the data remains secure.

    The malware’s creators used GitHub repositories to spread BanShee. They set up fake repositories that looked like they hosted popular software, complete with stars and reviews, to seem trustworthy. These campaigns didn’t just target macOS users with BanShee. They also hit Windows users with a different malware called Lumma Stealer. Over three waves, the attackers used these fake repositories to trick people into downloading their malicious files.

    5 tips to protect yourself from Mac malware

    Follow these essential tips to safeguard your Mac from the latest malware threats, including the notorious BanShee Stealer.

    1) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    2) Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.

    3) Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS and your apps to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.

    4) Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here; it generates and stores complex passwords for you, making them difficult for hackers to crack.

    It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed password managers of 2025 here.

    5) Use two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, email and any financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password.

    Kurt’s key takeaway

    No device is immune to cyberattacks when a human operator is involved. Take the BanShee Stealer, for example. It managed to target Macs not due to weak cybersecurity measures by Apple but because it successfully tricked users into installing it and granting the required permissions. Most breaches, hacks and other cyberattacks stem from human error. This highlights the importance of maintaining basic cybersecurity hygiene. It’s crucial to know what you’re downloading, ensure it’s from a trusted source and carefully review the permissions you grant to any online service or application.

    When downloading new software, how do you determine if it’s safe to install? Do you rely on app store ratings, reviews or something else? Let us know by writing us at Cyberguy.com/Contact.

    Copyright 2024 CyberGuy.com. All rights reserved.

  • Fake job interview emails installing hidden cryptocurrency mining malware

    The job market hasn’t been great in the last few years, especially in tech, leaving a lot of people actively looking for jobs. 

    Scammers are taking advantage of this. They have come up with a new trick where they pretend to be recruiters to spread crypto miners on people’s devices. 

    It starts with an email inviting the person to schedule an interview for a job. But when they click the link, it installs a malicious app that secretly mines cryptocurrency. This app hijacks your PC’s resources, like the CPU and GPU, which slows down its performance significantly.

    What you need to know

    This malicious campaign begins with an email that tricks victims into thinking it is part of a recruitment process, as reported by Dark Reading. In most cases, these emails are pretending to be from recruiters at the cybersecurity company CrowdStrike.

    The fraudulent email contains a link claiming to take the recipient to a site where they can schedule an interview. In reality, it redirects the victim to a malicious website that offers a download for a supposed “CRM application.”

    The site provides download options for both Windows and macOS. Regardless of which option the victim selects, the download will be a Windows executable written in Rust. This executable then downloads the XMRig cryptominer.

    The executable performs several environmental checks to analyze the device and avoid detection. It scans running processes, checks the CPU and more. If the device passes these checks, the executable will display a fake error message while secretly downloading additional payloads needed to run the XMRig miner.
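
    The mismatch described above (a macOS download option that delivers a Windows executable) can be caught before anything is opened by reading the file's leading bytes instead of trusting its name. This is an added example, not code from CrowdStrike or the original article; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Mach-O magics: thin 32/64-bit in both byte orders, plus fat/universal.
# (0xCAFEBABE is also used by Java class files, so treat it as a hint only.)
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}

def sniff_format(data: bytes) -> str:
    """Classify a download by its content, ignoring name and extension."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # The DOS header stores the offset of the PE signature at 0x3C.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "windows-pe"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    if data[:4] == b"xar!":                      # macOS installer package
        return "macos-pkg"
    if len(data) >= 512 and data[-512:-508] == b"koly":   # DMG (UDIF) trailer
        return "macos-dmg"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "unknown"

# Formats that are plausible for each platform button on a download page.
EXPECTED = {"macos": {"macho", "macos-pkg", "macos-dmg", "zip"},
            "windows": {"windows-pe", "zip"}}

def check_download(chosen_platform: str, data: bytes) -> tuple[str, bool]:
    """Return (detected format, True if it fits the platform the user picked)."""
    fmt = sniff_format(data)
    return fmt, fmt in EXPECTED[chosen_platform]

def _constructed_pe() -> bytes:
    # Constructed sample: minimal DOS header pointing at a PE signature.
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    return bytes(hdr)

SAMPLE_PE = _constructed_pe()
SAMPLE_MACHO = b"\xcf\xfa\xed\xfe" + bytes(28)   # constructed 64-bit Mach-O stub
```

    A result such as `("windows-pe", False)` for a file offered as the macOS version is a strong reason to delete the download and report the email.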

    Fake CrowdStrike job application download. (CrowdStrike)

    How does a cryptominer affect your PC?

    A cryptomining app can significantly impact your PC’s performance. Once installed, it hijacks your computer’s resources, including the CPU and GPU, to secretly mine cryptocurrency. This process requires a lot of computational power, which can cause your system to slow down drastically. You might notice your computer becoming unresponsive, running hotter than usual, or consuming more power. 

    In some cases, prolonged use of cryptominers can also lead to hardware damage due to the increased strain on your components. Additionally, these miners often run in the background without your knowledge, making it harder to detect the issue until the damage is already done.

    CrowdStrike is aware of the scam and advises individuals to stay vigilant. “This campaign highlights the importance of vigilance against phishing scams, particularly those targeting job seekers. Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files,” the company said in a blog post.

    “Organizations can reduce the risk of such attacks by educating employees on phishing tactics, monitoring for suspicious network traffic and employing endpoint protection solutions to detect and block malicious activity.”

    5 ways to stay safe from job interview scams

    1. Check if you applied for the job: If you receive an unsolicited interview invitation, think back to whether you actually applied for that job or company. Scammers often target jobseekers randomly, hoping someone takes the bait. If you didn’t apply, it’s likely a scam. Always confirm directly with the company before proceeding.

    2. Verify recruiter credentials: Always double-check the recruiter’s details before responding to an email or clicking any links. Verify their email address, LinkedIn profile and company association. Legitimate companies will use official email domains, not free services like Gmail or Yahoo.

    3. Avoid downloading unsolicited files: Be cautious of emails asking you to download any files or applications. Legitimate recruitment processes rarely require you to install software. If unsure, contact the company directly to confirm the request.

    4. Inspect links before clicking: Hover over any links in the email to see their actual URL. Scammers often use URLs that mimic legitimate sites but have subtle differences. If a link looks suspicious, avoid clicking on it.

    5. Use strong antivirus software: Use strong antivirus or endpoint protection software to detect and block malicious downloads. Regularly update your security tools to ensure they can handle new threats effectively.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    Kurt’s key takeaway

    Cybercriminals always manage to come up with new ways to exploit people. While this particular scam is more focused on using your computer’s resources than stealing data, it is still very dangerous. It shows that if a hacker can easily install software on your PC, they can also go ahead and steal your financial information and other personal data. Always verify the emails you receive, and try not to download anything you don’t trust.

    Have you ever received a suspicious email that looked like a job offer? Let us know by writing us at Cyberguy.com/Contact

    Copyright 2025 CyberGuy.com. All rights reserved.