Rent-a-Malware: Hackers Now Offering Full macOS Control for Hire

For years, Mac users bragged that their computers couldn’t get viruses. You’d hear it at coffee shops, tech meetups, and from that one person in every office who swears they’re “not a Windows person.” But it’s 2025 now, and that myth needs to be put to bed. Macs can get malware. And now, anyone with a bit of crypto and questionable morals can rent a toolkit that lets them take over a Mac like it’s a rental car.

Cybersecurity researchers have discovered two new malware tools for macOS: JokRAT and XenoRAT. These aren’t scripts from some dodgy hacker forum—they’re polished, ready-to-deploy kits that offer full control of a Mac. The kind of full control that lets someone poke around your files, steal your passwords, turn on your webcam, and help themselves to whatever they find interesting. And just to spice things up, you don’t need to be a coding genius to use them. You just need internet access and bad intentions.

This whole Malware-as-a-Service (MaaS) trend is basically cybercrime on easy mode. It's like Netflix, but instead of binge-watching shows, you're binge-hacking systems. These kits come with instructions, dashboards, and yes—customer support. Because even criminals need a help desk, apparently.

Why target Macs now? Because they’ve finally become juicy targets. Businesses are full of Macs—designers use them, developers use them, and let’s not forget C-level execs who love the Apple aesthetic. So if you’re a hacker, why wouldn’t you aim for the stylish, expensive machine with access to the company’s secrets?

XenoRAT is built using .NET MAUI, which makes it able to run on different types of systems. JokRAT, on the other hand, is laser-focused on macOS. Both give attackers the ability to browse files, log keystrokes, steal clipboard data (yes, even that password you copied), and remain hidden even after restarts. These aren't clumsy tools—they’re sleek, silent, and devastating.

The infection methods are frustratingly familiar: a fake update notification, a dodgy email attachment, or a too-good-to-be-true download link. One click, and boom—your Mac is phoning home to a hacker.

Now, Apple does have security features like Gatekeeper and System Integrity Protection. These are good, but they’re not magic. If a user clicks "yes" when macOS says, "Are you sure you want to open this app you found on the internet?", then the malware has all the invitation it needs. It’s like locking your front door but handing the key to a stranger who promises they’re not a burglar.

So what can Mac users actually do to not get completely wrecked by this? Start by using proper security software. Yes, even on a Mac. Next, only install apps from the App Store or known developers. Businesses should manage their Macs with tools that enforce updates and control who can install what. And please, for the love of common sense, educate your users. Show them what a phishing email looks like. Show them how to spot a fake app. Maybe even quiz them. Bribe them with snacks if you have to.

Oh—and those system updates you keep snoozing? Stop it. Install them. They’re literally fixing the holes that let this malware in. Every time you ignore an update, a hacker smiles.
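The controls named above (Gatekeeper, System Integrity Protection, and updates) can be checked from a script, for example one pushed by a management tool. This is an added example, not part of the original article: the function names are illustrative, and it assumes the `AutomaticCheckEnabled` preference is the signal for automatic update checks.

```shell
#!/bin/sh
# Added example (not from the article): check Gatekeeper, SIP and automatic
# update checks. Parsing is kept apart from collection so it can be tested
# against sample output on any OS. Function names are illustrative.

# `spctl --status` reports "assessments enabled" when Gatekeeper is on.
gatekeeper_ok() {
    case "$1" in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac
}

# `csrutil status` reports "...status: enabled." Anything else, including a
# custom configuration, is treated as a finding.
sip_ok() {
    case "$1" in *"status: enabled."*) return 0 ;; *) return 1 ;; esac
}

# Assumption: AutomaticCheckEnabled = 1 in com.apple.SoftwareUpdate means
# automatic update checks are on; a missing key is reported as a finding.
updates_ok() {
    [ "$1" = "1" ]
}

# Prints one PASS/FAIL line per control; exit status = number of findings.
posture_report() {
    fails=0
    if gatekeeper_ok "$1"; then echo "PASS gatekeeper"
    else echo "FAIL gatekeeper"; fails=$((fails + 1)); fi
    if sip_ok "$2"; then echo "PASS sip"
    else echo "FAIL sip"; fails=$((fails + 1)); fi
    if updates_ok "$3"; then echo "PASS auto-update-check"
    else echo "FAIL auto-update-check"; fails=$((fails + 1)); fi
    return "$fails"
}

# Collect live values only on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    posture_report \
        "$(spctl --status 2>&1)" \
        "$(csrutil status 2>&1)" \
        "$(defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled 2>/dev/null)" \
        || echo "$? control(s) need attention"
fi
```

A FAIL line here means the setting could not be confirmed as enabled, so it is a prompt to look at the machine, not proof of compromise.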

Macs are often used by the people with the most access. If one of these machines gets taken over, it’s not just a personal problem—it could be a company-wide disaster. Private emails, confidential documents, internal systems—it’s all fair game once the attacker’s inside.

The days of thinking Macs are invincible are over. The tools available now are slicker and simpler than ever, and criminals are making good money renting them out. So treat your Mac like any other computer. Lock it down, keep it clean, and don’t assume it’s safe just because it’s shiny.

Noel Bradford

Noel Bradford – Head of Technology at Equate Group, Professional Bullshit Detector, and Full-Time IT Cynic
