Hold on tight, Mac users! A new malware strain is on the prowl, and it’s set its sights on infiltrating your precious Apple devices. The threat, affectionately known as MacStealer, has been making waves in the cybersecurity community due to its stealthy use of Telegram as a command-and-control platform to extract sensitive information from compromised systems.
According to Uptycs researchers Shilpesh Trivedi and Pratik Jeware, MacStealer is a force to be reckoned with. It targets macOS devices running Catalina and later versions on M1 and M2 CPUs, and it’s not afraid to go after everything from documents to browser cookies and login details.
“MacStealer can steal documents, cookies from the victim’s browser, and login information,” Uptycs researchers Shilpesh Trivedi and Pratik Jeware said in a new report.
On a mission to steal more
A newly discovered malware named MacStealer can extract sensitive data from Apple devices.
- The malware was first advertised on hacking forums at the beginning of the month.
- While it’s still a work in progress, it has already been observed stealing iCloud Keychain data, passwords, and credit card information from web browsers such as Google Chrome, Mozilla Firefox, and Brave.
- The malware authors have also announced plans to add features allowing MacStealer to capture data from Safari and the Notes app.
Fake password prompts – the “weed.dmg” lure
Dubbed MacStealer, this info-stealing software spreads through an unknown delivery method, masquerading as a seemingly harmless DMG file named “weed.dmg.”
Once executed, the malware opens a fake password prompt that tricks users into revealing sensitive passwords under the guise of seeking access to the System Settings app. MacStealer is not the only such tool currently lurking in the wild.
More malware tactics
A fresh breed of malicious software has emerged, adding to the growing list of online threats.
- HookSpoofer, a C#-based malware, has joined the ranks of StormKitty and Ducktail, capable of stealing browser cookies and secretly recording keystrokes.
- The stolen information is transmitted to a Telegram bot, a channel that has become popular with cybercriminals for exfiltrating data.
- In the case of Ducktail, the malware has transformed, now utilizing a malicious LNK file as the initial infection vector, allowing it to evade detection more effectively.
These developments underscore the need for constant vigilance and heightened security measures to keep users’ sensitive data out of the hands of cybercriminals.
Stealer malware’s rising threat calls for cybersecurity measures
As the usage of Mac computers continues to surge within organizations, attackers are targeting these systems with sophisticated stealer malware. These malicious programs spread through various channels, including
- phishing emails,
- fake software downloads, and
- other forms of social engineering.
To prevent falling victim to these threats, experts advise users to
- keep their security software and operating systems up to date, and
- refrain from downloading files or clicking links from unknown sources.
The stakes are high as hackers continue to set their sights on enterprise leadership and development teams, making it critical to implement robust cybersecurity measures to safeguard sensitive data.
“As Macs have become increasingly popular in the enterprise among leadership and development teams, the more important the data stored on them is to attackers,” SentinelOne researcher Phil Stokes commented last week.
Conclusion
In today’s ever-evolving threat landscape, cybercriminals are constantly devising new and sophisticated ways to infiltrate and compromise systems. The emergence of C#-based malware like HookSpoofer, and the evolution of threats like Ducktail, underscore the importance of maintaining a strong security posture and keeping security software up to date.
With the growing popularity of Mac computers in the enterprise, it’s more critical than ever to remain vigilant against these types of attacks. By implementing best practices for cybersecurity and staying informed about the latest threats, individuals and organizations can better protect themselves against these persistent and pervasive dangers.