This new macOS malware is targeting iCloud Keychain to steal all your details
New macOS malware being sold on the dark web
Security experts have warned macOS users about a new piece of malware being advertised on the dark web that seeks to exfiltrate sensitive data, such as passwords, cryptocurrency wallet information, and similar.
Cybersecurity researchers from the Uptycs threat research team recently spotted a threat actor advertising their new product on the dark web, with the explicit aim of targeting macOS users.
The malware is being sold for $100, with the criminals claiming they’re offering such a competitive price because the product is still in early development stages and doesn’t have a builder or panel.
Stealing passwords
Instead, users can get a pre-built DMG payload for different versions of macOS: Catalina, Big Sur, Monterey, and Ventura (the latter is the latest macOS version).
Those that choose to purchase MacStealer must then find a way to distribute it to their victims, as the developer only sells the malware. Those that decide to run the malicious executable will be prompted with a fake password popup, through which they’d give MacStealer the permission to collect sensitive information from the compromised endpoint.
That being said, the tool is able to do quite a few things, including stealing account passwords, cookies, and credit card details stored in popular browsers such as Firefox, Chrome, or Brave; exfiltrating the Keychain database in base64-encoded form; gathering system information; gathering Keychain password information; and grabbing data from some of the most popular cryptocurrency wallets (MetaMask, Exodus, Tron, Binance, and others).
Once it collects all of the information it needs, it compresses it into a .ZIP file and sends it back to its command & control server. Furthermore, it sends basic data to the malware operators’ pre-configured Telegram channel, notifying them of the successful operation.
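The behaviour described above (a payload launched from a DMG, a fake password popup, sensitive files bundled into an archive, and a beacon to Telegram) is a chain a defender can look for in endpoint telemetry. The following is an added example for that purpose; it is not code from the article, from Uptycs, or from any vendor product. It scores constructed process and network events, session by session, and flags any session that hits several steps of the chain. The event field names, the sample events, and the assumption that the fake popup is drawn with an AppleScript dialog are all assumptions made for this example.

```python
"""Behavioural detection for a MacStealer-style infection chain.

Added example, not part of the original article. It groups constructed
process/network telemetry by user session and flags sessions that trigger
several of the steps the article describes. Field names and sample events
are assumptions for this example, not real log formats or IoCs."""
import re
from collections import defaultdict

# Constructed telemetry records (not real logs). Each event carries the user
# session it belongs to, an event type, and a command line or destination.
SAMPLE_EVENTS = [
    {"session": "u1", "type": "exec",
     "cmd": "/Volumes/Installer/Setup.app/Contents/MacOS/Setup"},
    {"session": "u1", "type": "exec",
     "cmd": "osascript -e 'display dialog \"macOS needs your password\" "
            "default answer \"\" with hidden answer'"},
    {"session": "u1", "type": "exec",
     "cmd": "zip -r /tmp/collect.zip /Users/victim/Library/Keychains "
            "/Users/victim/Library/Application Support/Google/Chrome"},
    {"session": "u1", "type": "net", "cmd": "api.telegram.org:443"},
    {"session": "u2", "type": "exec",
     "cmd": "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"},
    {"session": "u2", "type": "exec",
     "cmd": "zip -r /Users/dev/backup.zip /Users/dev/project"},
]

# One rule per step of the chain. The password-dialog rule assumes the fake
# prompt is an AppleScript dialog with a hidden answer field; the article only
# says a fake popup is shown, so this is an assumption of the example.
RULES = {
    "dmg_launch": (re.compile(r"^/Volumes/"), "exec"),
    "fake_pw_dialog": (
        re.compile(r"osascript.*display dialog.*hidden answer", re.I), "exec"),
    "archive_sensitive": (
        re.compile(r"\bzip\b.*(Keychains|Chrome|Firefox|Brave|Application Support)",
                   re.I), "exec"),
    "telegram_beacon": (re.compile(r"^api\.telegram\.org:"), "net"),
}


def match_rules(event):
    """Return the names of the rules a single event triggers."""
    return [name for name, (pattern, etype) in RULES.items()
            if event["type"] == etype and pattern.search(event["cmd"])]


def score_sessions(events, threshold=3):
    """Collect triggered steps per session and return the sessions that hit
    at least `threshold` distinct steps, with the steps sorted by name."""
    hits = defaultdict(set)
    for event in events:
        hits[event["session"]].update(match_rules(event))
    return {session: sorted(steps)
            for session, steps in hits.items() if len(steps) >= threshold}


if __name__ == "__main__":
    for session, steps in score_sessions(SAMPLE_EVENTS).items():
        print(f"session {session}: suspected stealer chain {steps}")
```

Requiring several steps in one session, rather than alerting on any single match, keeps a developer's routine backup zip or a legitimate installer run from a mounted DMG from firing on its own, while the combination of a hidden-answer dialog, an archive of keychain or browser profile paths, and a Telegram beacon is distinctive enough to triage.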
macOS malware isn’t that common, but it does happen. Last month, as BleepingComputer notes, security researchers discovered such malware in a phishing campaign targeting The Sandbox players. That malware also hunted for information stored in browsers, as well as cryptocurrency wallet information.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.