I’m thrilled to sit down with Dominic Jainy, a renowned IT professional whose groundbreaking work in artificial intelligence, machine learning, and blockchain has reshaped how we think about technology across industries. Today, we’re diving into his latest focus on cybersecurity, specifically the rising threats targeting macOS systems. With attackers increasingly setting their sights on Apple’s operating system, Dominic’s insights into new tools and research are more critical than ever. Our conversation explores why macOS has become a prime target, the unique challenges in studying its malware, and the innovative solutions being developed to combat these threats.
Can you walk us through why macOS has become such a significant target for attackers in recent years?
Absolutely. Over the past decade, macOS has gained a much larger user base, especially in enterprise environments where high-value data is often at stake. As more professionals and organizations adopt Macs, the incentive for attackers grows. Additionally, the tech landscape has shifted: cloud services and cross-platform tools have made it easier for malware to spread across operating systems. User behavior plays a role too; many still believe Macs are inherently secure, which can lead to complacency, like not installing robust security software or not being cautious with downloads.
What do you think has contributed to the perception that macOS is safer, and how has that impacted security practices?
The perception stems from Apple’s historically tight control over its ecosystem, like the App Store and code-signing requirements, which gave users a sense of safety. Early on, macOS had a smaller market share, so attackers focused on Windows. But that myth of immunity has made some users and even organizations less vigilant. They might skip updates or ignore security warnings, assuming they’re protected. This mindset creates openings for attackers, especially as macOS malware becomes more sophisticated.
Why do you believe macOS threats have been understudied compared to platforms like Windows?
It largely comes down to history and scale. Windows has always dominated market share, so security research naturally gravitated there due to the sheer volume of threats. macOS, on the other hand, was seen as a niche target until recently. There’s also a resource issue—fewer researchers have deep expertise in macOS internals because it’s a more closed system. This lack of focus means there’s less community knowledge, fewer tools, and ultimately, a slower response to emerging threats.
What specific hurdles do researchers face when diving into macOS malware analysis?
One big challenge is the proprietary nature of macOS. Unlike Windows, where documentation and tools are widely available, Apple’s system is more opaque, making reverse-engineering tougher. Malware on macOS often exploits unique features like entitlements or scripting interfaces, which require specialized knowledge to detect. Plus, collecting large datasets of macOS malware for study is difficult since samples are less common and harder to come by compared to Windows threats.
How did your journey into focusing on macOS security threats begin?
My interest sparked a few years back when I noticed a spike in reports of macOS-targeted attacks while working on broader security issues. I connected with a colleague who shared my concern about the lack of attention to this area. We realized that defenders were often in the dark about the scale of the problem. That drove us to dig deeper, combining our backgrounds in threat analysis to build resources and tools that could help shift the industry’s perspective on macOS vulnerabilities.
Let’s talk about the dataset of macOS malware you’ve been working on. What makes it stand out for the security community?
This dataset, which we’ve compiled with over 70,000 binaries, is one of the largest public collections of macOS malware to date. What makes it unique is its depth—we’ve categorized both malicious and benign samples to highlight specific traits like misuse of security features or anomalies in code signing. It’s a foundational resource for researchers and defenders to better understand the macOS threat landscape and develop stronger protections based on real-world data.
One striking finding from your research is that a vast majority of malicious samples are unsigned. Can you explain why this is a critical issue for macOS security?
Sure. Apple’s code-signing system is meant to ensure that only trusted software runs on macOS, especially outside the App Store. When over 96% of malicious samples are unsigned, it means attackers are bypassing this safeguard, either by exploiting loopholes or tricking users into running unverified code. This undermines a core security mechanism and shows there are gaps in enforcement that allow malware to slip through, putting users at serious risk.
Can you share more about the open-source static analysis tool you’ve developed to combat these threats?
We created a tool designed to analyze macOS binaries at scale, processing thousands per minute even on standard hardware. It’s built to extract key structural features and indicators of malice, such as unusual entitlements, embedded scripts, or suspicious linked libraries. The goal is to give defenders a fast, accessible way to spot potential threats without needing a macOS system to run the analysis, making it versatile for broader use in the security community.
What do you think are the most alarming trends in the current macOS malware landscape that defenders should be aware of?
One major trend is the rise of state-sponsored actors targeting macOS, particularly groups mimicking legitimate entities to deploy malware with stolen or forged certificates. Another concern is the prevalence of credential stealers, especially in enterprise settings, which often evade traditional antivirus and endpoint detection tools. These trends highlight how attackers are adapting to macOS environments, exploiting both technical and human vulnerabilities with increasing sophistication.
What is your forecast for the future of macOS security threats and how the industry might respond?
I expect macOS threats to grow in both volume and complexity as its user base expands, particularly in high-stakes sectors like finance and tech. Attackers will likely refine their tactics, focusing on social engineering and exploiting Apple’s own features. On the industry side, I’m hopeful we’ll see more collaborative efforts—researchers sharing datasets and tools, and Apple tightening enforcement around code signing. But it’ll take a cultural shift too, with users and organizations treating macOS security with the same urgency as other platforms.
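The interview mentions two structural features a static analyzer can pull from a macOS binary without running it: whether the Mach-O carries an embedded code signature at all (the "over 96% unsigned" finding), and which libraries it links. The following is an added example written for this page; it is not the interviewee's tool or any code from the research described. It walks the Mach-O load-command table directly with `struct`, so it runs on any OS, and it flags an image as "signed" only if an `LC_CODE_SIGNATURE` command points at a non-empty blob inside the file. The two sample images are constructed inline (headers and load commands only, not runnable executables), and the dylib paths in them are illustrative.

```python
"""Mach-O load-command walker: signature presence and linked dylibs.

Added illustration. Parses 32/64-bit little-endian Mach-O headers with
struct only, so it works without macOS. Samples below are constructed.
"""
import struct

MH_MAGIC = 0xFEEDFACE            # 32-bit Mach-O, little-endian on disk
MH_MAGIC_64 = 0xFEEDFACF         # 64-bit Mach-O
FAT_MAGICS = (0xCAFEBABE, 0xBEBAFECA)  # universal binary, either byte order
LC_REQ_DYLD = 0x80000000
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x18 | LC_REQ_DYLD
LC_REEXPORT_DYLIB = 0x1F | LC_REQ_DYLD
LC_CODE_SIGNATURE = 0x1D
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB}


def parse_macho(data: bytes) -> dict:
    """Return {'bits': 32|64, 'signed': bool, 'dylibs': [path, ...]}.

    'signed' means an LC_CODE_SIGNATURE command references a non-empty
    blob that lies within the file. It says nothing about whether the
    signature verifies or who the signer is; see the note after the block.
    """
    if len(data) < 28:
        raise ValueError("too short to be a Mach-O image")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic in FAT_MAGICS:
        raise ValueError("fat/universal binary: split into slices first")
    if magic == MH_MAGIC_64:
        header_size, bits = 32, 64
    elif magic == MH_MAGIC:
        header_size, bits = 28, 32
    else:
        raise ValueError(f"unsupported magic {magic:#x}")
    # mach_header: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    _, _, _, _, ncmds, sizeofcmds, _ = struct.unpack_from("<7I", data, 0)
    end = header_size + sizeofcmds
    if end > len(data):
        raise ValueError("sizeofcmds exceeds file length (truncated or malformed)")

    signed, dylibs, off = False, [], header_size
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed cmdsize")
        if cmd == LC_CODE_SIGNATURE:
            # linkedit_data_command: cmd, cmdsize, dataoff, datasize
            dataoff, datasize = struct.unpack_from("<II", data, off + 8)
            signed = datasize > 0 and dataoff + datasize <= len(data)
        elif cmd in DYLIB_CMDS:
            # dylib_command: cmd, cmdsize, name(lc_str offset), timestamp, versions
            name_off = struct.unpack_from("<I", data, off + 8)[0]
            if name_off >= cmdsize:
                raise ValueError("dylib name offset outside its load command")
            raw = data[off + name_off:off + cmdsize]
            dylibs.append(raw.split(b"\x00", 1)[0].decode("utf-8", "replace"))
        off += cmdsize
    return {"bits": bits, "signed": signed, "dylibs": dylibs}


def _dylib_cmd(name: bytes) -> bytes:
    """Constructed LC_LOAD_DYLIB command (64-bit commands are 8-byte aligned)."""
    payload = name + b"\x00"
    size = 8 + 16 + len(payload)
    size += (-size) % 8
    body = struct.pack("<IIII", 24, 0, 0x10000, 0x10000)  # name off, ts, cur, compat
    return struct.pack("<II", LC_LOAD_DYLIB, size) + body + payload.ljust(size - 24, b"\x00")


def build_sample(signed: bool) -> bytes:
    """Constructed arm64 MH_EXECUTE header plus load commands; not executable."""
    cmds = _dylib_cmd(b"/usr/lib/libSystem.B.dylib") + _dylib_cmd(b"/usr/lib/libobjc.A.dylib")
    sig_blob = b""
    if signed:
        sig_size = 16
        dataoff = 32 + len(cmds) + 16          # blob placed right after the commands
        cmds += struct.pack("<IIII", LC_CODE_SIGNATURE, 16, dataoff, sig_size)
        sig_blob = b"\xfa\xde\x0c\xc0" + b"\x00" * (sig_size - 4)  # dummy SuperBlob prefix
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2 + int(signed), len(cmds), 0, 0)
    return header + cmds + sig_blob


if __name__ == "__main__":
    for label, blob in (("unsigned", build_sample(False)), ("signed", build_sample(True))):
        print(label, parse_macho(blob))
```

A real-world scan would feed `parse_macho` the bytes of each slice of a universal binary and treat `signed == False` as a triage signal, not a verdict: a present `LC_CODE_SIGNATURE` can still be ad-hoc, revoked, or forged, which is exactly the "stolen or forged certificates" case raised above. On a Mac, `codesign -dv --verbose=4 <binary>` and `spctl --assess --type execute <binary>` give the authoritative answer about signer identity and Gatekeeper acceptance.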
