A new type of macOS malware called MacStealer has been discovered, capable of stealing iCloud Keychain data and passwords from Apple users.
Once installed on a victim’s computer, MacStealer is designed to target the user’s iCloud Keychain, a feature that stores usernames, passwords, and credit card information across all their Apple devices.
In a recent attack, hackers siphoned sensitive data from compromised Apple macOS devices through a new information-stealing malware.
In MacStealer, Telegram exfiltrates data through a command-and-control (C2) platform. Most affected devices run macOS versions Catalina and later, powered by M1 or M2 CPUs. MacStealer can steal documents, cookies, and login information.
Despite its recent advertisement on hackers’ forums, the malware is still in its infancy. Its developers plan to add features that will collect data from Apple’s Safari browser and Notes application in the near future.
It extracts data and passwords from browsers such as Google Chrome, Mozilla Firefox, and Brave, including iCloud Keychain data and passwords. Aside from harvesting Microsoft Office files, images, and archives, the program also supports the execution of Python scripts.
It is unknown how the malware was delivered, but the DMG file (weed.dmg) is used to spread the malware, which opens a fake password prompt that steals passwords while claiming to access System Settings.
There have been several info-stealers recently, and MacStealer adds to many. Various new malware pieces are included in this package, including HookSpoofer, a C#-based piece of malware that provides keylogging and clipper capabilities and sends stolen data to a Telegram bot.
Stealer malware is generally distributed by email attachments, fake download files, and other social engineering tactics.
It is suggested that users maintain their os and malware protection updated and avoid opening files or visiting links from unfamiliar materials to reduce such attacks.
According to SentinelOne analyst Phil Stokes, “the more relevant the storage of data on them is to hackers as Macs are becoming incredibly popular in the workplace among management and development staff.”