[j0hnml]

Malware that can proliferate on Windows boxes without user action almost always requires some remote code execution vulnerability (or some security misconfiguration issue) to be exploited first. This is true for macOS as well. That cycle is usually:

Exploit vuln -> download malware payload -> execute malware

[zbentley]

I think that was GP's point as well. That fully hands-free RCE process just doesn't seem to happen as often on OSX as on windows. Whether that's because of market share, software differences, or something else remains open for debate.