An attacker does not necessary need to hack into your computer to install malicious software. In most cases, unwanted programs get onto Macs due to careless of users when they visit legitimate sites, such as news portals. They can be compromised, so that infection gets onto computers of visitors regardless of their OS—in most cases, the target platform is detected and selected automatically.
Two simple conditions must be met for a system to get infected with BackDoor.Flashback.39: Java Virtual Machine must be installed in the system, and a user must load a compromised webpage in the browser.
Trojan.SMSSend family programs can be easily downloaded from various websites under the guise of a useful application.
Today, adware for macOS is also rather common. For instance, Trojan.Yontoo.1 gets onto a Mac, if the user agrees to download and install a browser plug-in from certain sites, or downloads it under the guise of a media player, a program to improve video playback quality, a "download accelerator", etc.
There are also e-mail and removable data storage devices—the traditional media that spread malware with no regard to the operating system.
