Security researchers have come across a new piece of malware designed to steal data from Macs on a larger scale. Dubbed the “MacStealer,” the tool is offered as a service on Dark Web hacking forums and can extract a range of sensitive data from a compromised Mac, including passwords and credit card information stored in the central keychain and in browsers such as Chrome. The malware also seems to be particularly interested in crypto wallets, and the malware also wants to access a long list of document types.
The attacker should then receive a message in a channel of the messenger Telegram, along with a link to the ZIP archive with the extracted data. Several Windows malware specimens have already been found this year that use Telegram as a control center, notes Uptycsthis is now the first Mac version.
Mac malware priced at $100 each
According to the security researchers, MacStealer is offered as a ready-made disk image on the forums for only $100 and is said to work on all recent macOS versions up to macOS 13 Ventura – as well as on Intel and newer ARM Macs. The “MacOS Stealer” is still a beta, the provider warns in screenshots documented by Uptycs, further customization options will follow later. One of the programmers got infected with Covid and another “scammer” is trying to sell the stealer for a lot of money – that’s why the tool is offered for little money.
The malware is distributed unsigned, so it must first be signed and distributed before it can actually attack Mac users. In addition, users have to run the malware themselves and fall for a dialog that supposedly asks for the login password to access the system settings. According to the screenshots, the program is called “Weed”.
All alarm bells should be ringing with such dialogs for entering a password.
(Image: Uptycs)
Safari keychain stealing not yet supported
According to the provider, the malware is able to use the password to access the login keychain and access data from other browsers, but not Safari’s password database, i.e. the iCloud keychain. But they are working on it, according to the provider of the malware. According to Uptycs, there are numerous orders for the malware, so it can be expected that it will soon spread further. According to security researchers, users should update their Mac software and only install software from trusted sources.
(lbe)
