The State of Malware 2025

Welcome to the era of macOS stealers

Move over Windows.

For years, Mac users comforted themselves with the notion that their shiny silver machines were somehow immune to the dirty world of malware. They never were, but Windows got most of the malware, saw most of the innovation, and grabbed most of the headlines.

Meanwhile, Macs supplied cybercriminals with a steady income from a reliable collection of malware and tactics that rarely got the media’s pulse racing and changed very little from year to year.

Those days are officially over.

In 2024, we witnessed the dawn of a new breed of Mac malware—information stealers that embraced the kind of features and distribution techniques previously seen on Windows malware. Malware like Atomic Stealer (AMOS) and its rapidly ascendant offspring, Poseidon, have emerged as significant threats that every Mac user—particularly those in businesses—should take seriously. They make money by rummaging through infected computers for valuable information, stealing passwords, credit card details, cryptocurrency wallets, and even authentication cookies.

So what changed?

To put it plainly, Macs have grown up and become juicy targets. The rise of macOS stealers coincided neatly with increased Mac market share and a resurgence in malvertising—where criminals use malicious ads on platforms like Google and Bing, which redirect unsuspecting users to branded download pages.

Users looking to download legitimate apps end up installing a nasty bit of malware instead.

First emerging in 2023, AMOS was distributed using a software-as-a-service model for $1,000 a month, and its customers were kept onboard with regular updates to its functionality.

But just as AMOS had become a household name in the darker corners of the web, Poseidon crashed the party in mid-2024. In mere months, Poseidon has gobbled up a whopping 70% share of the macOS stealer landscape. Alarmingly, Poseidon’s explosive growth hasn’t displaced AMOS, which remains as prevalent as it ever was. Poseidon succeeded by “growing the pie” and adding significantly to the overall volume of information stealer infections.

Figure: macOS information stealer market share in 2024

This seismic shift in macOS threats means that Macs are no longer an afterthought—they’re prime targets. Businesses must act swiftly to protect their infrastructure, starting with robust macOS security software, proactive monitoring, and user education to spot the increasingly cunning malvertising campaigns that cybercriminals now favor.

To learn more about how criminals are making macOS attacks mainstream, and what you can do to defend against them, read the 2025 ThreatDown State of Malware report.