The Mac Malware of 2025
Contents
The samples covered in this post are available in our public malware collection! Also, direct links to each sample are provided in the sections where they are discussed.
A printable (PDF) version of this report can be found here:
Goodbye 2025 …and hello 2026! 🥳
For the 10th year in a row, I’ve put together a deep-dive blog post that comprehensively covers all new macOS malware observed throughout the year.
While many of these samples may have been reported on previously (for example, by the security vendors that first uncovered them), this post brings everything together to cumulatively and comprehensively document all new macOS malware from 2025 …in technical detail, in one place. And yes, samples are available for download. #SharingIsCaring
By the end of this post, you should have a solid understanding of the latest threats actively targeting macOS. This context matters more than ever as Macs continue their rapid rise: researchers at MacPaw’s …
A printable (PDF) version of this report can be found here:
Goodbye 2025 …and hello 2026! 🥳
For the 10th year in a row, I’ve put together a deep-dive blog post that comprehensively covers all new macOS malware observed throughout the year.
While many of these samples may have been reported on previously (for example, by the security vendors that first uncovered them), this post brings everything together to cumulatively and comprehensively document all new macOS malware from 2025 …in technical detail, in one place. And yes, samples are available for download. #SharingIsCaring
By the end of this post, you should have a solid understanding of the latest threats actively targeting macOS. This context matters more than ever as Macs continue their rapid rise: researchers at MacPaw’s …
IoC
https://t.co/jHNDnUb5FB
https://t.co/ATDCPxBk0u
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/f42bb3a975870049d950dfa861d0edd4.aspx
http://hxxps://support.us05web-zoom.biz/troubleshoot-issue-727318
https://t.co/C1Dvw0t8kB
https://t.co/fOD1R42Dsc
https://t.co/mCg8v0DxoI
http://www.apple.com/DTDs/PropertyList-1.0.dtd
https://t.co/bUZSsZCol7
http://www.apple.com/DTDs/PropertyList-1.0.dtd\
https://dynamiclake.org
https://function.undefined21.com/sss
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/
http://web071zoom.us/fix/audio-tr/7217417464
https://safeupload.online/files/[REDACTED]\\\
https://brsp.meshsorterio.com
https://function.undefined21.com/upload
https://t.me/phefuckxiabot
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/054e6893413402d220f5d7db8ef24af0.aspx
https://goldenticketsshop.com/api/credentials
http://poseidon.cool
https://goldenticketsshop.com/api/log
https://t.co/VoFLKNnoOu
https://support.us05web-zoom.biz
https://meshsorterio.com/api/data/receive
https://t.co/gAuweiWhrF
https://t.co/vF6v06YVPT
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/c9c114433040497328fe9212012b1b94.aspx
https://t.co/oyeyMdKPfp
https://brsp.meshsorterio.com/api/external/machines/me
https://goldenticketsshop.com
https://t.co/4p04TsYe90
http://localhost:8000/api/%@/%ld
https://t.co/1m1o2nb33w
https://t.co/kFGm8tff8v
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/2bbfdf3250a663cf7c4e10fc50dfc7da.aspx
https://goldenticketsshop.com/api/grabber
https://support.us05web-zoom.biz/842799/check
http://web071zoom.us/fix/audio-fv/7217417464
https://t.co/PhY52v8A7c
https://t.co/c9FcotMvYU
https://steamcommunity.com/id/phefuckxia
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/1e5234329ce17cfcee094aa77cb6c801.aspx
5.255.101.148
8.8.8.8
82.115.223.9
[email protected]
[email protected]
c9c114433040497328fe9212012b1b94
2bbfdf3250a663cf7c4e10fc50dfc7da
9e410d7320e53cfa145597824b9f6060
f42bb3a975870049d950dfa861d0edd4
054e6893413402d220f5d7db8ef24af0
1e5234329ce17cfcee094aa77cb6c801
6F0CDC9EAEAD1CA53C40D1C82B4180E85ED9EAF8
67e5143a9ca7d2240c137ef80f2641d6
https://t.co/ATDCPxBk0u
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/f42bb3a975870049d950dfa861d0edd4.aspx
http://hxxps://support.us05web-zoom.biz/troubleshoot-issue-727318
https://t.co/C1Dvw0t8kB
https://t.co/fOD1R42Dsc
https://t.co/mCg8v0DxoI
http://www.apple.com/DTDs/PropertyList-1.0.dtd
https://t.co/bUZSsZCol7
http://www.apple.com/DTDs/PropertyList-1.0.dtd\
https://dynamiclake.org
https://function.undefined21.com/sss
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/
http://web071zoom.us/fix/audio-tr/7217417464
https://safeupload.online/files/[REDACTED]\\\
https://brsp.meshsorterio.com
https://function.undefined21.com/upload
https://t.me/phefuckxiabot
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/054e6893413402d220f5d7db8ef24af0.aspx
https://goldenticketsshop.com/api/credentials
http://poseidon.cool
https://goldenticketsshop.com/api/log
https://t.co/VoFLKNnoOu
https://support.us05web-zoom.biz
https://meshsorterio.com/api/data/receive
https://t.co/gAuweiWhrF
https://t.co/vF6v06YVPT
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/c9c114433040497328fe9212012b1b94.aspx
https://t.co/oyeyMdKPfp
https://brsp.meshsorterio.com/api/external/machines/me
https://goldenticketsshop.com
https://t.co/4p04TsYe90
http://localhost:8000/api/%@/%ld
https://t.co/1m1o2nb33w
https://t.co/kFGm8tff8v
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/2bbfdf3250a663cf7c4e10fc50dfc7da.aspx
https://goldenticketsshop.com/api/grabber
https://support.us05web-zoom.biz/842799/check
http://web071zoom.us/fix/audio-fv/7217417464
https://t.co/PhY52v8A7c
https://t.co/c9FcotMvYU
https://steamcommunity.com/id/phefuckxia
https://67e5143a9ca7d2240c137ef80f2641d6.pages.dev/1e5234329ce17cfcee094aa77cb6c801.aspx
5.255.101.148
8.8.8.8
82.115.223.9
[email protected]
[email protected]
c9c114433040497328fe9212012b1b94
2bbfdf3250a663cf7c4e10fc50dfc7da
9e410d7320e53cfa145597824b9f6060
f42bb3a975870049d950dfa861d0edd4
054e6893413402d220f5d7db8ef24af0
1e5234329ce17cfcee094aa77cb6c801
6F0CDC9EAEAD1CA53C40D1C82B4180E85ED9EAF8
67e5143a9ca7d2240c137ef80f2641d6