Skip to main content

In the age of ChatGPT, Macs are under malware assault

It’s common knowledge — Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division — dubbed Moonlock — specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.

State-sponsored attacks

A person using a laptop with a set of code seen on the display.
Sora Shimazaki / Pexels

Apple silicon has rejuvenated Apple’s computers, with a spike in global sales ever since the chips debuted in 2020, according to Statista. All those extra Macs could make the platform a juicy target for malware writers enticed by a widening pool of potential paydays.

As Stukalenko puts it, “Because of a growing quantity of Mac computers, macOS has become an attractive target for cyberattacks … Even the notable case of North Korea’s Lazarus Group, which became one of the first state-sponsored groups to target Macs last year, keeps us on high alert.”

And while Stukalenko acknowledges that “In theory, a newer processor architecture [like Apple silicon] may be considered a safer one,” that doesn’t make it immune to threats. In fact, of all the malware samples analyzed by Moonlock, “almost all work on both Intel and ARM architectures” like the one that forms the basis of Apple silicon chips.

The ChatGPT threat

A MacBook Pro on a desk with ChatGPT's website showing on its display.
Hatice Baran / Unsplash

Ransomware often makes a big splash in the news, but it’s not the fastest-rising Mac malware threat, according to Moonlock — instead, that dubious accolade goes to various types of stealers. This malware usually takes the form of a trojan that gathers information from a victim’s system, Stukalenko says, such as usernames and passwords, credit card information, or login details. This category also includes keyloggers, which keep track of everything you type in the hopes of picking up sensitive info.

Another rising threat for Mac users? ChatGPT. While the chatbot itself is not malware, it has the potential to be misused by bad actors who, with some clever prompt engineering, can task it with writing malicious code for them. What do the engineers at Moonlock think about ChatGPT’s capacity as a hacker’s helper?

“СhatGPT can be used for quick prototyping of malware by generating multiple code snippets,” Stukalenko says, giving hackers an extra weapon in their arsenal against their targets. As well as that, the chatbot can be used “to quickly generate a similar new code based on the initial code,” resulting in “polymorphic” malware. This is able to “change its appearance continuously and rapidly morph its code” in order to evade antivirus detection. While not hugely popular right now, it could become a serious problem in the near future.

A person sits in front of a laptop. On the laptop screen is the home page for OpenAI's ChatGPT artificial intelligence chatbot.
Viralyft / Unsplash

Despite OpenAI adding guardrails to ChatGPT that are meant to protect against malicious code generation, these defenses can be easily overcome, Stukalenko says. For instance, the Moonlock team was able to use ChatGPT to generate working encryption code that could be used in ransomware, working their way around the guardrails in a relatively straightforward fashion.

There’s some good news though. Even though ChatGPT can spin up functioning malware code, it is also prone to providing users with faulty outputs that behave weirdly, Stukalenko says, much like how some image generators create images of people with seven fingers. That’s similar to what cybersecurity experts told us when we quizzed them on the same topic in May 2023.

And Stukalenko notes that “ChatGPT brings higher risks for the whole cybersecurity ecosystem, but Mac users specifically are in no way under a more significant risk than users of any other [operating system].” In other words, this is a platform-agnostic problem, not a macOS problem.

How to stay safe

The MacBook Pro on a wooden table.
Digital Trends

So, is it correct to feel that Macs are safer than Windows machines? Stukalenko says that belief is not totally unfounded. “Apple prioritizes security, and the widely held belief that macOS is more protected than Windows has weight behind it,” Stukalenko says. “Over the years, Apple has been consistently adding more security features to macOS … Moreover, the review process of the App Store considerably reduces the risk of installing malware.”

But as we’ve seen, no system is totally beyond the clutches of viruses, trojans, and the like. As Stukalenko explains, “the robust security safeguards and the perceived system’s invulnerability have built a myth that malware doesn’t exist on macOS.”

“According to our own research,” they continue, “57% of Mac users either agree or hesitate to disagree with the statement that ‘Malware does not exist on macOS.’ This persistent misconception makes users vulnerable to potential cyberattacks.”

What can you do to stay safe on your Mac? According to Moonlock, you should prioritize downloading apps from the official App Store, as everything there has to be notarized and checked by Apple. If the app you want isn’t available there, avoid downloading apps through Google or banner ads, as these can hide malware.

Elsewhere, Stukalenko says you should avoid torrents at all costs, and install an antivirus app from a trusted developer. Put these tips into practice and you’ll go a long way to keeping your Mac safe — even from malware built with the automated assistance of ChatGPT.

Editors' Recommendations

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Bing Chat just beat a security check to stop hackers and spammers
A depiction of a hacker breaking into a system via the use of code.

Bing Chat is no stranger to controversy -- in fact, sometimes it feels like there’s a never-ending stream of scandals surrounding it and tools like ChatGPT -- and now the artificial intelligence (AI) chatbot has found itself in hot water over its ability to defeat a common cybersecurity measure.

According to Denis Shiryaev, the CEO of AI startup Neural.love, chatbots like Bing Chat and ChatGPT can potentially be used to bypass a CAPTCHA code if you just ask them the right set of questions. If this turns out to be a widespread issue, it could have worrying implications for everyone’s online security.

Read more
Bing Chat’s ads are sending users to dangerous malware sites
Bing Chat shown on a laptop.

Since it launched, Microsoft’s Bing Chat has been generating headlines left, right, and center -- and not all of them have been positive. Now, there’s a new headache for the artificial intelligence (AI) chatbot, as it’s been found it has a tendency to send you to malware websites that can infect your PC.

The discovery was made by antivirus firm Malwarebytes, which discussed the incident in a blog post. According to the company, Bing Chat is displaying malware advertisements that send users to malicious websites instead of filtering them out.

Read more
This powerful ChatGPT feature is back from the dead — with a few key changes
A laptop screen shows the home page for ChatGPT, OpenAI's artificial intelligence chatbot.

ChatGPT has just regained the ability to browse the internet to help you find information. That should (hopefully) help you get more accurate, up-to-date data right when you need it, rather than solely relying on the artificial intelligence (AI) chatbot’s rather outdated training data.

As well as giving straight-up answers to your questions based on info found online, ChatGPT developer OpenAI revealed that the tool will provide a link to its sources so you can check the facts yourself. If it turns out that ChatGPT was wrong or misleading, well, that’s just another one for the chatbot’s long list of missteps.

Read more