DMG (Apple Disk Image)

A DMG is an Apple Disk Image file format used on macOS to distribute software, installers, or compressed data in a mountable virtual disk.

What is a DMG file?

A DMG (Disk iMaGe) is a file format used primarily on macOS to package and distribute applications, installers, or collections of files. When opened, a DMG mounts as a virtual disk, appearing like an external drive in Finder. DMG files are commonly used by developers to deliver macOS software outside the App Store.

Why DMG files matter

DMG files are important because they:

  • Provide a simple, user-friendly installation experience
  • Support compression and integrity checks
  • Can be digitally signed and notarized by Apple
  • Are widely used in enterprise and consumer macOS environments

From a security perspective, DMGs are also a frequent malware delivery vector when sourced from untrusted locations.

Common uses of DMG files

Typical DMG use cases include:

  • macOS application installers (drag-and-drop apps)
  • Software updates and utilities
  • Distribution of drivers or tools
  • Packaging documentation or datasets
  • Enterprise software deployment (outside the App Store)

Many well-known macOS applications are distributed as DMGs.

DMG and macOS security

macOS applies several security controls to DMG files:

  • Code signing – verifies the developer identity
  • Notarization – Apple malware scanning and approval
  • Gatekeeper – warns or blocks untrusted software
  • Quarantine attributes – track downloaded files

Unsigned or improperly notarized DMGs may trigger security warnings or be blocked entirely.

DMG as an attack vector

Attackers often abuse DMG files to:

  • Distribute trojanized macOS applications
  • Bypass user suspicion using fake installers
  • Deliver malware such as infostealers or backdoors
  • Evade detection with signed-but-malicious payloads

DMGs are commonly used in phishing campaigns targeting macOS users.

DMG vs PKG vs ZIP

These formats are related but serve different purposes:

  • DMG: disk image container (mountable)
  • PKG: installer package with scripted installation
  • ZIP: generic compressed archive

PKG files can make deeper system changes through their installation scripts; DMGs are often simpler and safer, but still risky if the contents are malicious.

How to safely handle DMG files

Best practices include:

  • Downloading DMGs only from official sources
  • Verifying developer signatures and notarization
  • Avoiding DMGs received via unsolicited emails
  • Using endpoint protection on macOS
  • Blocking unknown DMGs in enterprise environments

In managed macOS fleets, DMG execution is often restricted.
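The controls listed under "DMG and macOS security" and the best practices above can be turned into one pre-open check. The script below is an added example, not code from the original page; it assumes a macOS host with Apple's xattr, hdiutil, codesign and spctl tools, and that the com.apple.quarantine value and the spctl output keep the layouts described in the comments. The three parsing helpers are pure POSIX shell and run anywhere; the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): a pre-open check for a
# downloaded DMG, built on Apple's own command-line tools. The parsing
# helpers are pure POSIX shell; check_dmg itself needs macOS.

# com.apple.quarantine is stored as "flags;timestamp;agent;uuid":
# hex flags, hex seconds since the epoch, the downloading application,
# and a LaunchServices identifier. Field numbers are 1-based.
# Constructed sample: 0083;5f2f1a2b;Safari;00000000-0000-0000-0000-000000000000
quarantine_field() {
    printf '%s\n' "$1" | cut -d ';' -f "$2"
}

# Name of the application that downloaded the file (third field).
quarantine_agent() {
    quarantine_field "$1" 3
}

# Download time as decimal epoch seconds; avoids the BSD/GNU date split.
quarantine_epoch() {
    printf '%s\n' "$(( 0x$(quarantine_field "$1" 2) ))"
}

# spctl reports "<path>: accepted" or "<path>: rejected" on its first line,
# followed by a "source=..." line naming the policy that decided.
spctl_verdict() {
    case "$1" in
        *': accepted'*) echo accepted ;;
        *': rejected'*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

# True only when Gatekeeper attributed the acceptance to a notarized
# Developer ID signature, not merely a signed one.
spctl_is_notarized() {
    case "$1" in
        *'source=Notarized Developer ID'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs the checks a user (or an MDM script) should do before opening a DMG.
# Exit status: 0 = notarized and checksum valid, 1 = do not open, 2 = no file.
check_dmg() {
    dmg=$1
    [ -f "$dmg" ] || { echo "no such file: $dmg" >&2; return 2; }
    status=0

    q=$(xattr -p com.apple.quarantine "$dmg" 2>/dev/null || true)
    if [ -n "$q" ]; then
        echo "quarantine: downloaded by $(quarantine_agent "$q") (epoch $(quarantine_epoch "$q"))"
    else
        echo "quarantine: attribute missing; Gatekeeper will not assess this file on open"
        status=1
    fi

    # hdiutil verify recomputes the checksum stored in the image itself.
    if hdiutil verify -quiet "$dmg"; then
        echo "checksum: ok"
    else
        echo "checksum: FAILED (image corrupted or tampered with)"
        status=1
    fi

    # codesign prints the signing identity; shown for the record.
    codesign -dv "$dmg" 2>&1 | sed 's/^/codesign: /'

    # spctl applies the current Gatekeeper policy to a disk image.
    out=$(spctl --assess --type open --context context:primary-signature \
                --verbose=2 "$dmg" 2>&1)
    printf '%s\n' "$out" | sed 's/^/spctl: /'
    if [ "$(spctl_verdict "$out")" != accepted ] || ! spctl_is_notarized "$out"; then
        echo "verdict: do not open (not accepted as a notarized Developer ID image)"
        status=1
    else
        echo "verdict: passes Gatekeeper as a notarized Developer ID image"
    fi
    return $status
}

# Usage: sh check_dmg.sh /path/to/Installer.dmg
if [ $# -eq 1 ]; then
    check_dmg "$1"
fi
```

The quarantine check is deliberately treated as a failure when the attribute is absent: a DMG that arrived without it (copied over from another machine, or extracted by a tool that strips extended attributes) is exactly the case where Gatekeeper never gets a chance to assess the contents, so the script refuses rather than assuming the file is fine.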

Common misconceptions

  • "DMG files are safe by default"
  • "macOS cannot get malware from DMGs"
  • "Only unsigned DMGs are dangerous"
  • "Gatekeeper blocks all malicious DMGs"