Is visiting a potentially dangerous website enough to get malware on a Mac?

Simply visiting a website won't download anything bad. You would have to download it to your computer, install it, and then run it.

No, you do not need antivirus tools. You will find plenty of vendors who will tell you that you do, but they are a solution in search of a problem. It is possible you were bounced to the other site too because the vendor of the software you were investigating has code on their web page to automatically take you to another page because they get paid money to have that. I find that a bit of a slimy technique which, of course, makes me question the ethics of the developer and any software they may be distributing. Ironically, frequently the web sites to which they direct you are ones with so-called "cleaning" tools for your Mac (which are NOT something you want) or unnecessary anti-virus tools. I last had a Mac virus scanner about 30 years ago. That's not to say there isn't something bad out there, but you have to be really, really, really careless (to the extent of almost trying to intentionally get something) to get something that is.

This question is unanswerable.

Is it possible? Sure.

Is it likely? No.

Doing fundamentally unwise things shifts it all toward more possible, though.

Adding anti-malware can pillage your privacy and your data, can introduce new vulnerabilities, can add instability, can reduce performance, usually adds noise, and all too often for negligible or no or even negative benefits; it can be unwise.

Some of the Macs with the most issues will have cracked apps and keygen apps and with multiple add-on anti-malware completely oblivious to the mess, or disabled. Cracks are one of the best available ways to get malware.

Moanee45 wrote:

It’s pretty much Simple If you’re getting an App that hasn’t been Verified Beware it’s a scam or it’s got Malware and be careful About where you got it from and Make sure you go to a Qualified retailer and check for Verified Credentials Just be Careful

It’s quite possible that some cracked apps and keygen apps can be or will be notarized. Developer app signing and notarization are part of a means of reacting more quickly to identified malware and then to its particular creation, but signing and notarization and XProtect (and add-on anti-malware apps) are quite possibly not going to protect somebody that goes looking for trouble.

What can help avoid trouble here? Current hardware and current macOS versions most definitely, backups and quite possibly deeper and more robust backup procedures including disconnected or offsite backups, robust and unique passwords, two-factor authentication, current app and macOS versions, and, yes, sticking to notarized apps and app store apps. And not looking for and not installing cracked apps and keygen tools.

I’m unclear how a “qualified retailer” is relevant here, nor what ”verified credentials” might be in this context, and there are numerous self-signed and non-notarized apps (e.g. Homebrew, MacPorts) that can be perfectly fine. (Though malware via either is certainly entirely possible.)

Related reading: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

mcbookchip wrote:

I didn't download the app from the pirate site. I closed that pirate site and tried downloading the app from the official site again, but my Mac still blocked the app from opening, so I deleted it. My main concern is this: is it possible to get malware (or cyber attacks) by visiting a website, considering I don't use antivirus (I trusted the Mac's built-in protections)?

If you did not open and install, there is no harm simply visiting or downloading.

The App Store version doesn't work because the note about not being verified for a Mac means it's only intended to be used on an iOS device (iPhone or iPad). Some apps like that will run on an M series Mac anyway. Others will be blocked from opening, and others will erroneously tell you it's malware.

In short, you will not be able to get that particular app to run on a Mac.

Yes, it's possible to download malware to a Mac. Namely, Trojans. But that wasn't the case here. You tried to get the iOS app from the vendor's site, and it wouldn't run for the same reason it wouldn't when downloaded from the App Store.

Any app not signed by an approved developer will give you a run warning. That doesn't necessarily mean that the app is malicious but simply that the developer has not bothered to register with Apple as a recognized developer. You would have to go to System Settings > Privacy & Security to approve the app.

I see that your original title mentioned a "Lyra" app. As far as I can tell that is an Android app and there is no way to get that to run on your Mac computer, so a lot of the side issues are moot in this case.

Moanee45 wrote:

You did the right thing you Can’t be to careful with Something that is better of in the bin

"Cracked" apps are not the same as unverified apps. Cracked apps have been modified so you don't have to verify any license keys or other requirements. Effectively, they are stolen. Anyone who is willing to do that may also be willing to make other more dangerous, less obvious modifications.

It's important to be accurate and specific.

It’s pretty much Simple If you’re getting an App that hasn’t been Verified Beware it’s a scam or it’s got Malware and be careful About where you got it from and Make sure you go to a Qualified retailer and check for Verified Credentials Just be Careful

Moanee45 wrote:

It’s pretty much Simple If you’re getting an App that hasn’t been Verified Beware it’s a scam or it’s got Malware and be careful About where you got it from and Make sure you go to a Qualified retailer and check for Verified Credentials Just be Careful

That's not accurate. Not all unverified apps are scams or malware. Yes, you should exercise due diligence but there's no cause for scaremongering.

mcbookchip wrote:

I downloaded the app, went to my downloads folder, double-clicked the app, and dragged it to the applications folder. Then I went to Finder, then Applications, and double-clicked the app. A window appeared saying "The app hasn't opened," so I moved the app to the trash.

no worries.