MacStealer Malware Plucks Bushels of Data From Apple Users
A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up.
March 28, 2023

An information-stealing malware that targets Apple's macOS operating system is making the cyber rounds, siphoning off documents, iCloud Keychain data such as passwords, browser cookies, and more from unwitting Apple users.
Appropriately dubbed "MacStealer," it's going for just $100 per build on the cyber underground, so it's no surprise that "more MacStealer samples have been spreading recently," according to a recent Uptycs analysis on the threat.
The malware affects the Catalina version of macOS and subsequent versions that use Intel M1 and M2 CPUs. It also uses the encrypted Telegram messaging platform for command-and-control (C2), the researchers found.
To propagate, operators are looking for low-hanging fruit, hoping to harvest victims by luring them to download .DMG files, which are containers for macOS apps. Fake apps in app stores, piracy websites, or email attachments could all be potential conduits for infection.
"The bad actor uses a .DMG file to spread the malware. After a user executes the file, it opens a fake password prompt," Uptycs researchers explained in the post. "Once the user enters their login credentials, the stealer … [compresses] the data and sends it to C2 via a POST request using a Python User-Agent request. It deletes the data and ZIP file from the victim's system during a subsequent mop-up operation."
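The exfiltration traits described above (an HTTP POST carrying a Python library User-Agent, sent from a macOS host to the Telegram-based C2) can be turned into a simple proxy-log correlation check. This is an added defender-side example, not code from the article or from Uptycs; the log format, the host inventory, the Telegram Bot API path and the Python User-Agent prefixes are assumptions made for the example.

```python
"""Flag proxy-log entries consistent with the MacStealer exfiltration pattern:
a POST from a macOS host, with a Python HTTP-library User-Agent, to the
Telegram Bot API. Log format and sample lines are constructed for this example."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed log format: <client_ip> <method> <url> <status> <bytes> "<user_agent>"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) '
    r'(?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)

# Hosts the asset inventory says run macOS (hard-coded here as an assumption).
MACOS_HOSTS = {"10.0.0.12", "10.0.0.31"}

# The article only says "a Python User-Agent"; these are the usual library
# defaults and are assumed, not taken from the sample.
PYTHON_UA_PREFIXES = ("python-requests/", "Python-urllib/", "python-httpx/")


@dataclass
class Alert:
    ip: str
    url: str
    ua: str
    reasons: List[str]


def score_line(line: str) -> Optional[Alert]:
    """Return an Alert only when both traits co-occur; each alone is common benign traffic."""
    m = LOG_LINE.match(line)
    if not m or m["method"] != "POST" or m["ip"] not in MACOS_HOSTS:
        return None
    reasons = []
    if m["ua"].startswith(PYTHON_UA_PREFIXES):
        reasons.append("python user-agent from macOS host")
    if "api.telegram.org/bot" in m["url"]:
        reasons.append("upload to Telegram Bot API")
    return Alert(m["ip"], m["url"], m["ua"], reasons) if len(reasons) == 2 else None


def scan(lines: List[str]) -> List[Alert]:
    return [a for a in (score_line(ln) for ln in lines) if a is not None]


SAMPLE_LOG = [  # constructed; <BOT_TOKEN> is a placeholder
    '10.0.0.12 GET https://example.com/ 200 5120 "Mozilla/5.0 (Macintosh)"',
    '10.0.0.12 POST https://api.telegram.org/bot<BOT_TOKEN>/sendDocument 200 40960 "python-requests/2.28.1"',
    '10.0.0.31 POST https://pypi.org/simple/ 200 300 "python-requests/2.28.1"',
    '10.0.0.50 POST https://api.telegram.org/bot<BOT_TOKEN>/sendMessage 200 120 "Telegram-Desktop"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert.ip, alert.url, alert.reasons)
```

Only the second sample line trips both traits; the PyPI upload and the non-macOS Telegram client are left alone, which is the point of requiring the correlation rather than either indicator on its own.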
This is just the latest malware to target Macs in recent months. In February, pirated versions of Apple's Final Cut Pro video-editing software were found delivering a version of the XMRig cryptocurrency mining tool. And last year, a previously unknown macOS spyware called "CloudMensis" surfaced in a highly targeted campaign, exfiltrating documents, keystrokes, screen captures, and more from Apple machines.