Moonlock by MacPaw has just released its Mid-2026 macOS Threat Report, a close look at the most significant threats so far this year.

One theme stands out: Mac and Windows are no longer separate threat surfaces. Any Mac incident can now trigger a cross-platform follow-on attack, with campaigns running in parallel: same servers, same domains, same dropper, same operator, just a different binary. Here are some highlights from the report:

  • ClickFix is still the top attack method, tricking users into running the malware themselves.
  • Adware dominates detections at roughly 65%.
  • Odyssey leads stealer detections at 62.7%, spread mainly through fake Homebrew, TradingView, and LogMeIn lures.
  • AI tools are the new bait. Fake AI developer tools now rank second only to cracked Adobe and Creative Suite installers among impersonated apps.
  • “Apple certified” doesn’t mean safe. Over half of malicious Mach-O uploads were digitally signed, and 22% carried valid or recently revoked Apple Developer certificates, exactly how so much slips past Gatekeeper’s first prompt.

I hope you’ll help support Apple World Today by becoming a patron. Almost all our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support. 




Article provided with permission from AppleWorld.Today