MacStealer Malware Strikes: iCloud Keychain Data and Passwords at Risk for Apple Users


March 27, 2023

A new type of macOS malware called MacStealer has been discovered, capable of stealing iCloud Keychain data and passwords from Apple users. 

Once installed on a victim’s computer, MacStealer is designed to target the user’s iCloud Keychain, a feature that stores usernames, passwords, and credit card information across all their Apple devices. 

In a recent attack, hackers siphoned sensitive data from compromised Apple macOS devices through a new information-stealing malware.


MacStealer uses Telegram as its command-and-control (C2) platform and exfiltrates stolen data through it. It targets macOS Catalina and later, including Macs powered by Apple's M1 and M2 CPUs. Beyond credentials, it can steal documents, cookies, and browser login information.

Although it was recently advertised on hacking forums, the malware is still in its infancy. Its developers say they plan to add features that collect data from Apple's Safari browser and the Notes application.

MacStealer Malware Strikes

It extracts the iCloud Keychain database along with passwords, cookies, and credit card data from browsers such as Google Chrome, Mozilla Firefox, and Brave. It also harvests Microsoft Office files, images, archives, and Python scripts from the victim's machine.

How the malware reaches victims is not known. The analyzed sample is distributed as a DMG file (weed.dmg); once opened, it displays a fake password prompt that claims to need access to System Settings, and the password the user types in is used to steal their data.

MacStealer joins a growing list of information stealers reported in recent months. Another example from the same period is HookSpoofer, a C#-based piece of malware with keylogging and clipper capabilities that sends stolen data to a Telegram bot.
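Two behaviours the article describes, the fake password prompt and exfiltration over Telegram, are both things a defender can hunt for. The script below is an added example (not code from the article, from Uptycs, or from the malware itself) that runs simple detection logic over constructed log lines shaped like macOS unified-log output. It assumes the fake prompt is raised with osascript's `display dialog ... with hidden answer`, the usual way a macOS stealer asks for a password; the article only says "fake password prompt", so that pattern is an assumption. The bot token and process names in the sample lines are made up.

```python
"""Hunt for MacStealer-style behaviour in macOS log lines.

Two rules: (1) an osascript password prompt with a hidden answer field,
(2) a non-allowlisted process posting to the Telegram bot API.
The sample log below is constructed for this example; it is not a real capture.
"""
import re
from dataclasses import dataclass

# Assumption: the fake prompt is created with osascript's
# `display dialog ... with hidden answer`. The article only says "fake password prompt".
HIDDEN_ANSWER_RE = re.compile(r"display dialog.*with hidden answer", re.I | re.S)

# Telegram bot API calls carry the token in the path: /bot<digits>:<secret>/<method>.
# The destination alone is not suspicious (Telegram is a legitimate app), so the
# rule also checks the process name against an allowlist.
TELEGRAM_BOT_RE = re.compile(
    r"api\.telegram\.org/bot[0-9]+:[A-Za-z0-9_-]+/(sendDocument|sendMessage)"
)
# Constructed allowlist: processes that are expected to talk to the bot API.
BENIGN_TELEGRAM_PROCS = {"ops-alerter"}

# "<timestamp> <process>[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<proc>[^\[]+)\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$")


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str
    line: str


def hunt(lines):
    """Return a Finding for every line that matches one of the two rules."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # not in the expected shape; skip rather than guess
        proc, msg = m["proc"].strip(), m["msg"]
        if proc == "osascript" and HIDDEN_ANSWER_RE.search(msg):
            findings.append(Finding("fake-password-prompt", proc, raw))
        if TELEGRAM_BOT_RE.search(msg) and proc not in BENIGN_TELEGRAM_PROCS:
            findings.append(Finding("telegram-bot-exfil", proc, raw))
    return findings


# Constructed sample log: one fake prompt, one exfil post from the stealer,
# one allowlisted bot post, one harmless osascript notification, one junk line.
SAMPLE_LOG = [
    '2023-03-27T10:01:02 osascript[4021]: display dialog "MacOS wants to access '
    'System Settings" default answer "" with hidden answer',
    "2023-03-27T10:01:40 weed[4019]: POST https://api.telegram.org/bot123456789:"
    "AAEXAMPLEtoken_abc/sendDocument",
    "2023-03-27T10:02:11 ops-alerter[900]: POST https://api.telegram.org/bot987654321:"
    "AAEXAMPLEtoken_xyz/sendMessage",
    '2023-03-27T10:03:00 osascript[4100]: display notification "Build finished"',
    "garbage line that does not parse",
]


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.rule}] {f.process}: {f.line}")
```

The allowlist matters more than it looks: blocking api.telegram.org outright would also break legitimate Telegram users, while a token-bearing bot request from a freshly mounted DMG's process is a much tighter signal.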

Stealer malware is generally distributed through email attachments, fake software downloads, and other social engineering tactics.

Users are advised to keep their operating system and malware protection up to date, and to avoid opening files or following links from unfamiliar sources, to reduce exposure to such attacks.

According to SentinelOne analyst Phil Stokes, "as Macs are becoming incredibly popular in the workplace among management and development staff, the more relevant the data stored on them is to hackers."

Saher Mahmood

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
