MacStealer Malware Targets Sensitive Information on macOS Computers

According to Uptycs researchers Shilpesh Trivedi and Pratik Jeware, a new information-stealing malware called MacStealer is targeting Apple's macOS operating system to obtain sensitive information from compromised devices. The malware uses Telegram as a command-and-control (C2) platform to exfiltrate data and mainly affects macOS versions Catalina and later running on M1 and M2 CPUs. The researchers noted that MacStealer can extract documents, cookies from the victim's browser, and login information. Initially sold for $100 on online hacking forums, MacStealer is still in development, and the malware authors plan to add features to capture data from Apple's Safari browser and the Notes app.

MacStealer is spread as a DMG file (weed.dmg), and when executed, it opens a fake password prompt to harvest passwords under the guise of seeking access to the System Settings app. The malware can extract iCloud Keychain data, passwords, and credit card information from browsers like Google Chrome, Mozilla Firefox, and Brave. It also features support for harvesting Microsoft Office files, images, archives, and Python scripts.

Other information-stealing malware tools that have emerged recently include HookSpoofer, which is a C#-based malware that comes with keylogging and clipper abilities and transmits the stolen data to a Telegram bot. Another example is Ducktail, a browser cookie-stealing malware that also uses a Telegram bot to exfiltrate data. To mitigate such threats, experts advise keeping operating systems and security software up to date, avoiding downloading files or clicking links from unknown sources, and being vigilant when it comes to phishing and other social engineering tactics.
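MacStealer, HookSpoofer and Ducktail all send stolen data out through Telegram, so one way to hunt for this behavior is to look for processes other than an approved client uploading to the Telegram Bot API host. The following is an added example, not code from Uptycs or from the original article; the log format, the allowlist and every sample record are constructed assumptions.

```python
from collections import defaultdict

# Hostname of the Telegram Bot API (https://api.telegram.org/bot<token>/...).
TELEGRAM_API_HOSTS = {"api.telegram.org"}
# Assumption: the only process on this fleet expected to contact that host.
ALLOWED_PROCESSES = {"/Applications/Telegram.app/Contents/MacOS/Telegram"}

# Constructed per-process flow records in a hypothetical format:
# <ISO time>|<process path>|<destination host>|<bytes sent>
SAMPLE_LOG = """\
2023-03-28T10:01:02Z|/Applications/Telegram.app/Contents/MacOS/Telegram|api.telegram.org|5120
2023-03-28T10:03:17Z|/Volumes/example/example.app/Contents/MacOS/example|api.telegram.org|48211
2023-03-28T10:03:19Z|/Volumes/example/example.app/Contents/MacOS/example|api.telegram.org|913004
2023-03-28T10:04:00Z|/Applications/Safari.app/Contents/MacOS/Safari|www.apple.com|2210
2023-03-28T10:05:44Z|/usr/bin/python3|API.Telegram.org.|1500
this line is truncated
"""

def parse_record(line):
    """Return (time, process, host, bytes_sent), or None for a malformed line."""
    parts = line.strip().split("|")
    if len(parts) != 4:
        return None
    ts, proc, host, sent = parts
    try:
        sent = int(sent)
    except ValueError:
        return None
    # Normalise case and a trailing root dot so hostname variants still match.
    return ts, proc, host.lower().rstrip("."), sent

def flag_telegram_uploads(log_text, allowed=ALLOWED_PROCESSES):
    """List (process, connections, bytes_sent, first_seen), largest upload first."""
    totals = defaultdict(lambda: [0, 0, None])
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ts, proc, host, sent = rec
        if host not in TELEGRAM_API_HOSTS or proc in allowed:
            continue
        entry = totals[proc]
        entry[0] += 1
        entry[1] += sent
        entry[2] = entry[2] or ts  # keep the earliest timestamp seen
    findings = [(p, c, b, first) for p, (c, b, first) in totals.items()]
    return sorted(findings, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    for finding in flag_telegram_uploads(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for triage rather than a verdict, since legitimate automation also uses the Bot API; the process path and upload volume are what make an entry worth investigating.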

Is it a Myth That Mac Computers Are Not Targeted by Malware?

Yes, it is a myth that Mac computers are not targeted by malware. While it is true that macOS has traditionally been considered more secure than Windows, Macs are still vulnerable to malware attacks. In recent years, there has been an increase in the number of malware attacks on Mac computers. Adware, Trojans, ransomware, and information stealers have all been known to target macOS.

In fact, the Mac operating system has been the target of several high-profile malware attacks in the past, including the Flashback Trojan, which infected over 600,000 Macs in 2012. In 2019, security researchers discovered a new strain of malware called OSX.ThiefQuest, which was capable of stealing files, cryptocurrency wallet data, and even passwords from infected Macs.

While macOS does include built-in security features, such as Gatekeeper and XProtect, that help protect against malware, they are not foolproof. It is essential to keep your operating system and security software up to date and avoid downloading files or clicking links from unknown sources to reduce the risk of malware infections.

March 28, 2023