KELA REPORT
The Rise of macOS Infostealers: 2025 in Review
As Apple’s enterprise footprint expands, macOS has become an increasingly attractive target for threat actors. This report traces the rapid professionalization of macOS infostealers—fueled by Malware-as-a-Service (MaaS)—and shows how stolen credentials, cookies, and tokens translate into sellable corporate access.
In KELA’s new report, you’ll learn:
- What’s changed: How macOS moved from “safer by default” to a prime target—and why that perception gap persists.
- How attacks land: Social engineering, fake installers, malvertising, and bypasses of Gatekeeper/XProtect.
- About real-world case studies: Atomic Stealer (AMOS) and Quark Stealer—capabilities, pricing models, and monetization paths.
- What to do now: Practical controls and multi-layered defense strategies to elevate macOS security.
Download the Report
Inside the Infostealer Epidemic – Webinar
Join Lin Levi, Threat Intelligence Analyst at KELA, as she analyzes the rise of infostealers and their critical role in driving credential-based attacks, including ransomware, business email compromise (BEC), and identity fraud.
KELA Ransomware Protection Suite
KELA delivers a comprehensive, intelligence-driven defense, designed to neutralize ransomware threats before they can impact your business.
Inside the Black Basta Leak: How Ransomware Operators Gain Access
In this report – understand how attackers operate and how you can strengthen your defenses.