### Comprehending the Shifting MacOS Threat Environment: Insights from Jamf’s Security 360 Report
Annually, Jamf, a premier platform for managing Apple devices, releases its Security 360: Annual Trends Report, delivering a detailed examination of the macOS threat environment. The most recent report, derived from anonymized data of more than 1.4 million Macs across 90 nations, uncovers important trends and changes in malware activity impacting Apple devices.
#### Primary Findings
1. **Trojans Surge in Malware Scene**: Trojans represented 50% of all malware targeting Macs, reflecting a notable increase of more than 33% since 2024.
2. **Malicious Network Activity**: 44% of devices utilizing Jamf encountered malicious network activity.
3. **Outdated OS Issues**: 41% of devices were found to be operating on critically outdated systems.
4. **Exposed Applications**: 73% of devices had at least one application that was vulnerable.
#### Trojan Proliferation
The most striking finding from the report is the rise in trojan malware, which surged from 16.61% of total detections in 2024 to 50.32% in 2025. The predominant trojan, Atomic Stealer (AMOS), was accountable for 77.08% of all trojan activities and 78.49% of infostealer activities. This dual function underscores a trend where infostealers increasingly exploit trojan backdoors for durability, leading to inflated detection counts.
Infostealers often serve as forerunners to larger assaults, having the potential to hold data ransom or compromise additional systems. They can create backdoors, enabling attackers to retain access even following reboots. While all infostealers masquerade as trojans, not all trojans qualify as infostealers. Numerous trojans aim for extended persistence, facilitating file exfiltration or ransomware attacks.
#### Drop in Adware and PUAs
In contrast to the surge of trojans, adware and Potentially Unwanted Applications (PUAs) have shown a significant downturn. Adware detections fell sharply from 28% to a mere 5.06%, while PUAs decreased from 15.06% to 4.84%. This transition signals a more extensive trend in the malware market, shifting from ad revenue generation toward data expropriation.
#### Significant New Malware Identifications
The report also showcases various new malware families recognized by Jamf Threat Labs. Notably, DigitStealer, identified in late 2024, employs sophisticated anti-analysis methods and targets Apple Silicon M2 processors. It utilizes multiple memory-resident payloads to extract sensitive information, including browser data and cryptocurrency wallets.
Another recent find, MacSync Stealer, has advanced to deploy through code-signed and notarized Swift applications, enabling it to execute harmful payloads without user consent. This trend of camouflaging malware as authentic applications presents considerable hurdles for macOS security.
#### Summary
Jamf’s Security 360: Annual Trends Report highlights the changing nature of threats confronting macOS users and organizations. The significant surge in trojan malware, alongside the reduction of adware, illustrates a transition in attacker motivations and methods. As the threat environment continues to transform, it is vital for organizations to implement thorough security strategies to safeguard their Apple devices against these emerging threats. For more comprehensive insights, the complete report can be accessed [here](https://media.jamf.com/documents/white-papers/security-360-mac-2026.pdf?_gl=1*ggvzfj*_ga*ODMwMDAyNTgyLjE3NzUyNjE4NTQ.*_ga_X3RD84REYK*czE3NzU0ODU3MTAkbzQkZzAkdDE3NzU0ODU3MTAkajYwJGwwJGgw).