In 2025, cybercriminals are stepping up their attacks on macOS, using advanced artificial intelligence (AI) to carry out more innovative, faster, and stealthier ransomware campaigns. According to a recent report by Malwarebytes, this year could mark a significant turning point in how AI is used in cybersecurity, especially as AI moves from simply assisting with coding to acting autonomously in complex tasks.
While tools like ChatGPT have made waves in the tech world, the rise of “agentic AI” could significantly impact both defenders and attackers. Agentic AI can act independently, making it capable of performing tasks like network monitoring, patching vulnerabilities, and identifying threats without constant human oversight. This shift could help bridge the skills gap in cybersecurity, allowing defenders to handle tedious tasks more efficiently. However, it will also enable cybercriminals to scale their operations, automating attacks like ransomware and phishing campaigns, and even breaching networks without human intervention.
The evolving threat of ransomware
Ransomware remains one of the most profitable forms of cybercrime, with a 13% increase in attacks in 2024. The largest ransom payment recorded, $75 million, was made in 2024, highlighting the growing scale and impact of these attacks. While traditional ransomware groups like LockBit and ALPHV are seeing their influence wane, smaller, lesser-known gangs are stepping in. These “dark horse” groups have made ransomware tools and techniques more accessible, allowing even less-experienced cybercriminals to launch attacks.
These new players are making ransomware attacks faster and more sophisticated. On macOS, the trend is becoming particularly concerning, with advanced information stealers like Poseidon and Atomic Stealer exploiting malvertising campaigns to infiltrate systems. These stealers target sensitive data like passwords and cryptocurrency wallets, making macOS a prime target for cybercriminals.
macOS users face growing AI threats
As macOS adoption rises in both personal and corporate environments, the platform is seeing more cyberattacks. The 2024 discovery of the Banshee macOS Stealer showed how vulnerable Macs have become to advanced attacks. Cybercriminals are now using AI to make phishing scams harder to spot, crafting convincing emails that appear to come from trusted sources like Apple or financial institutions. These AI tools can analyze email patterns and generate personalized messages that seem incredibly authentic.
AI is also enhancing malvertising campaigns, where fake ads for popular Mac software—such as productivity tools or security apps—are placed at the top of search results. With AI refining these attacks in real time, traditional warning signs like poor grammar or generic content are no longer reliable.
How to stay protected
To combat these increasingly sophisticated threats, cybersecurity teams must rethink their approach. AI-driven tools can help detect and respond to threats faster, allowing for more proactive protection. Enhancing endpoint security is crucial, as advanced solutions can now identify suspicious behavior that might have previously gone unnoticed. Another priority is securing access points, such as disabling remote desktop protocols and limiting vulnerable tools.
Additionally, staff training remains a cornerstone of cybersecurity. Teams must be equipped to recognize phishing attempts and social engineering tactics, ensuring they can stay one step ahead of the attackers. As cybercriminals continue to evolve their use of AI, staying vigilant and adapting security strategies will be key to defending against these advanced threats.