Moonlock by MacPaw has just released its Mid-2026 macOS Threat Report, a close look at the most significant threats so far this year.
One theme stands out: Mac and Windows are no longer separate threat surfaces. Any Mac incident can now trigger a cross-platform follow-on attack, with campaigns running in parallel: same servers, same domains, same dropper, same operator, just a different binary. Here are some highlights from the report:
- ClickFix is still the top attack method, tricking users into running the malware themselves.
- Adware dominates detections at roughly 65%.
- Odyssey leads stealer detections at 62.7%, spread mainly through fake Homebrew, TradingView, and LogMeIn lures.
- AI tools are the new bait. Fake AI developer tools now rank second only to cracked Adobe and Creative Suite installers among impersonated apps.
- “Apple certified” doesn’t mean safe. Over half of malicious Mach-O uploads were digitally signed, and 22% carried valid or recently revoked Apple Developer certificates, exactly how so much slips past Gatekeeper’s first prompt.
I hope you’ll help support Apple World Today by becoming a patron. Almost all our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support.
Article provided with permission from AppleWorld.Today

