The MaxOfferDeal adware became the most common malware for Apple computers in the first quarter of this year. Security experts had not recorded it at the top of the regular statistics in the previous period. This is according to ESET's detection data for the macOS platform in the Czech Republic and Slovakia for the period from January to March 2025. Pirrit adware detections continued to decline significantly, while the PSW.Agent infostealer increased by several percentage points. It is currently a significant risk for this platform. The infostealer also targets cryptocurrencies and cryptocurrency wallets, among other things.

"Adware MaxOfferDeal is a type of malicious code in which attackers exploit SEO – search engine optimization. This type of attack is carried out thanks to available and legitimate online marketing tools, which can contribute to its greater spread and success. In this case, adware spreads through redirected sponsored links and search results. Users are offered to download various fraudulent applications on fraudulent banners and pages to solve apparent problems that do not actually exist – for example, these may be fraudulent updates to the browser, system or various programs. Some of them may no longer officially work, as is the case with the attackers of the very popular Adobe Flash Player. In this case, users always download only adware that monitors their behavior on the Internet," explains Jiří Kropáč, head of ESET's research branch in Brno.

Pirrit adware, which, like MaxOfferDeal, users may encounter in a number of fake add-ons and updates, did not repeat in the first quarter its growth from the end of last year. From 50 percent of detections, it fell to a share of 13 percent of all detected cases for the macOS platform. Compared to the last monitored period, however, the PSW.Agent infostealer grew stronger. Cybersecurity experts attribute this mainly to the growing threats to cryptocurrency wallets.

"While in the last quarter of last year, the infostealer PSW.Agent disguised itself as keygen or cracked versions of programs for various applications – for example, AutoCAD or ArchiCAD – at the beginning of this year, attackers mainly presented it as applications for online meetings and conferences such as Zoom or Microsoft Teams. Even in the case of the spread of this infostealer, they use legitimate-looking ads in the Google advertising system. After clicking on the ad, users are redirected to a page that prompts them to download some program. But again, this is just malicious code," says Kropáč.

Attackers want to acquire cryptocurrencies using malware; they also appear in scams

Infostealers are not just a risk for the macOS platform. Czech users also regularly encounter them on the Windows operating system. The PSW.Agent malware, also known as Atmos Stealer (AMOS), specializes not only in the theft of login names and passwords, but also in the theft of data related to cryptocurrencies and cryptocurrency wallets, such as Electrum, Binance or Exodus.

"Infostealer PSW.Agent is currently a very widespread malware for the macOS platform. In the second half of last year, we generally began to observe a sharp increase in cyber threats to cryptocurrencies and cryptocurrency wallets, as cryptocurrencies became more widely known. During the period from June to November 2024, the number of investment frauds increased significantly, by more than 335% between the first and second half of last year. Our detections also saw an increase in cryptostealers, while the most dramatic growth was on the macOS platform. Given the sharp fluctuations in cryptocurrency prices, we can regularly encounter either fraud or malicious code, because both buyers and holders are in the crosshairs of attackers," says Kropáč.

Security experts recommend that users secure their computers with quality security software that will reliably protect them from infostealers and other malicious code. In the case of investment fraud, they recommend relying on healthy skepticism and caution. Fraudulent scenarios today are often sophisticated and combine several social engineering techniques, such as phishing or vishing. Deepfake content can also be part of the scams.

"If you are not sure that the content you are viewing is not generated by artificial intelligence, focus on whether the person in the video seems real, whether their lip movements match what they are saying, whether they are jerky or whether they are blinking. You can also check social media to see if someone has already pointed out the fraudulent content. Approach shocking headlines and advertisements with a healthy skepticism. If you click on an advertisement and are redirected to another website, always check its URL address," advises Kropáč from ESET.

The most common cyber threats in the Czech Republic and Slovakia for the macOS platform in the period from January to March 2025:

  1. OSX/Adware.MaxOfferDeal (15.0%)
  2. OSX/Adware.Pirrit (13.2%)
  3. OSX/PSW.Agent (11.5%)
  4. OSX/TrojanDownloader.Adload (11.1%)
  5. OSX/Adware.Bundlore (8.5%)
