A DMG is a macOS disk image file. When opened, it mounts like a virtual disk so users can install apps, drag files, or run packaged software. Because it is a normal part of the Mac software workflow, DMGs are widely used for legitimate distribution.
That same trust makes DMGs useful to attackers. A malicious DMG can hide a trojanized installer, tricking users into launching malware that steals passwords, browser cookies, session tokens, or wallet data. Defenders look for suspicious downloaded images, unexpected first-run execution from mounted volumes, and bypasses of macOS protections such as Gatekeeper and quarantine checks. In security terms, the DMG is not the payload itself, but a delivery container that can make harmful software look routine.



