Overall Mac detections decreased by 38%, though Mac detections for businesses increased 31%
Malware accounted for just 1.5% of all Mac detections in 2020—the rest can be attributed to Potentially Unwanted Programs (PUPs) and Adware
ThiefQuest tricked many researchers into believing it was the first example of ransomware on macOS since 2017, but the malware was hiding its real activity of massive data exfiltration. It accounted for more than 20,000 detections in 2020
The full PDF report:
All that changed with macOS 10.15 (Catalina). We’ve entered a world in which no software in the entire industry can remove all components of these PUPs, because they’ve come under the protection of Apple.
Apple’s days of sitting on the fence are now over. With the protection involved in the system extension entitlement, there is no longer any middle ground. At the time of writing, Apple is implicitly siding with the PUPs, providing them protection against removal.
Notarization involves submitting apps to Apple. […] Adware developers responded in divergent ways. Some simply stopped signing their Adware, providing the user with instructions on how to bypass macOS security to run the unsigned installer. This means that they don’t have to bother with notarization, but they also don’t have to worry about Apple revoking their code signing certificate.
However, other Adware developers went the other way, and actually managed to get their malware notarized! In a number of cases, it appears to have passed the notarization checks without significant modification.