MacStealer Malware Strikes: iCloud Keychain Data and Passwords at Risk for Apple Users

Reading Time: ( Word Count: )

March 27, 2023
Nextdoorsec-course

A new type of macOS malware called MacStealer has been discovered, capable of stealing iCloud Keychain data and passwords from Apple users. 

Once installed on a victim’s computer, MacStealer is designed to target the user’s iCloud Keychain, a feature that stores usernames, passwords, and credit card information across all their Apple devices. 

In a recent attack, hackers siphoned sensitive data from compromised Apple macOS devices through a new information-stealing malware.

Also Read: “Emotet Returns with New Trick: Dodges Macro Security with OneNote Attachments”

In MacStealer, Telegram exfiltrates data through a command-and-control (C2) platform. Most affected devices run macOS versions Catalina and later, powered by M1 or M2 CPUs. MacStealer can steal documents, cookies, and login information.

Despite its recent advertisement on hackers’ forums, the malware is still in its infancy. Its developers plan to add features that will collect data from Apple’s Safari browser and Notes application in the near future.

MacStealer Malware Strikes

It extracts data and passwords from browsers such as Google Chrome, Mozilla Firefox, and Brave, including iCloud Keychain data and passwords. Aside from harvesting Microsoft Office files, images, and archives, the program also supports the execution of Python scripts.

It is unknown how the malware was delivered, but the DMG file (weed.dmg) is used to spread the malware, which opens a fake password prompt that steals passwords while claiming to access System Settings.

There have been several info-stealers recently, and MacStealer adds to many. Various new malware pieces are included in this package, including HookSpoofer, a C#-based piece of malware that provides keylogging and clipper capabilities and sends stolen data to a Telegram bot.

Stealer malware is generally distributed by email attachments, fake download files, and other social engineering tactics.

It is suggested that users maintain their os and malware protection updated and avoid opening files or visiting links from unfamiliar materials to reduce such attacks.

According to SentinelOne analyst Phil Stokes, “the more relevant the storage of data on them is to hackers as Macs are becoming incredibly popular in the workplace among management and development staff.”

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Top Security Practices to Protect Your Data in Cloud Services

Top Security Practices to Protect Your Data in Cloud Services

Cloud services make storing and accessing your data simple and flexible, but they also bring new security ...
Boosting Efficiency With Law Firm IT Solutions: A Guide for Small Practices

Boosting Efficiency With Law Firm IT Solutions: A Guide for Small Practices

Small law firms often juggle multiple responsibilities with limited resources, making efficiency a top priority. ...
Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *