MacOS Malware Called 'MacStealer' Poses Risk to Users' iCloud Keychain Data, Passwords, Credit Card Information

Check out the new MacOS malware called "MacStealer."

The prevalence of macOS stealer malware is on the rise as a wave of new malicious programs have been discovered targeting Apple's popular operating system in recent months.

Analysis of the Increase in macOS Malware Targeting Popular Operating System

According to the story by The Hacker News, beyond MacStealer and Ducktail, which exfiltrate data to an attacker-controlled Telegram bot, there is HookSpoofer, a C#-based malware that features keylogging and clipper abilities.

The increase in macOS malware is largely due to its increasing popularity in the enterprise. With teams ranging from development to leadership now sharing sensitive data across macOS devices, malicious actors are finding the influx of new targets more and more appealing.

The malicious MacStealer malware has recently started to set its sights on Apple's macOS operating system, targeting and compromising devices running macOS versions Catalina and later on M1 and M2 CPUs.

Stealing iCloud Keychain Data, Passwords, and Credit Card Information

The malware is advertised on online hacking forums and is still a work in progress, with its authors planning to add the capability to capture data from Apple's Safari browser and Notes App. Per Uptycs, MacStealker can steal documents, cookies, and login information.

MacStealer is a dangerous threat that was designed to steal iCloud Keychain data, passwords, and credit card information stored on browsers and can also harvest documents, cookies, Microsoft Office files, images, archives, and Python scripts.

It is delivered as a DMG file that opens a fake password prompt when executed, gathering the information falsely under the guise of supplying access to the System Settings app.

Increased Popularity of Macs Make Them a Target for Data Theft

There is an increasing number of similar tools on the market, such as HookSpoofer and Ducktail, both of which also feature keylogging and clipper abilities. HookSpoofer, inspired by StormKitty, transmits stolen data to a Telegram bot, while Ducktail utilizes improved tactics to disguise its initial infection chain - changing from an archive containing an executable to an archive containing a malicious LNK file.

Stealer malware is typically propagated via email attachments and bogus software downloads from unknown sources, which users should steer clear of. Installing the latest security software updates and avoiding suspicious downloads is key to protecting oneself from information theft.

Macs have become more popular in the corporate setting, user data they store on them has become all the more attractive to attackers. SentinelOne researcher Phil Stokes gave a statement regarding the popularity of Macs.

MacStealer Planning to Collect Data from Apple's Notes App

To give it a competitive edge over other info-stealers, MacStealer is also planning to be able to collect data from Apple's Notes app. It's likely that more malicious actors will catch wind of this threat as time goes on and use it to compromise unsuspecting victims.

Apple users should remain vigilant as malicious actors are getting more sophisticated in their efforts to steal their data. Keeping security software up-to-date, avoiding suspicious downloads and links, and being aware of potential phishing scams is the only way to protect against the widespread malware threat.

Tech Times
Tech Times Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics