Uptycs, a cybersecurity company that discovered the information-stealing malware while searching for threats on the dark web, is warning that Mac computers have been the latest targets of updated info-stealing malware.
The iCloud Keychain can easily access cryptocurrency wallets with the help of MacStealer. This is an innovative malware that steals your credentials from your web browsers, cryptocurrency wallets, and potentially sensitive files stored in your iCloud Keychain.
The MacStealer malware is distributed as malware-as-a-service (MaaS), whereby the developer sells pre-built builds for $100, allowing customers to run their marketing campaigns and spread the malware to their victims.
On the dark web, cybercriminals use Mac computers as a breeding ground to launch malware and conduct illegal activities. This makes the dark web a prime place to conduct illegal activities and launch malware.
Upon discovering the newly discovered macOS malware, the Uptycs threat research team reported that it could run on multiple versions of Mac OS. This included the current Mac OS, Catalina (10.15), and the latest and greatest Apple OS, Ventura (13.2).
Sellers claim that the malware is still in beta testing and that there are no panels or builders available.
In China, Big Sur, Monterey, and Ventura provides rebuilt DMG payloads that infect macOS with malware.
To charge a low $100 price for a piece of malware without a builder and panel, the threat actor uses this fact. Despite this, he will release more advanced features as soon as possible.
A new threat named MacStealer is using Telegram as a command and control (C2) platform to exfiltrate data, with the latest example being called PharmBot. There is a problem that affects primarily computers running MacOS Catalina and later with CPUs built on the M1 or M2 architecture.
According to Uptycs' Shilpesh Trivedi and Pratik Jeware in their latest report on the MacStealer exploit, the tool steals files and cookies from the victim's browser and login information.
In its first advertising on online hacking forums at the beginning of the month, this project was advertised for $100, but it is still far from being finished. There is an idea among the malware authors of adding features to allow them to access notes in Apple's Notes app and Safari web browser.
Functioning of Malware
MacStealer is distributed by the threat actors using an unsigned DMG file which is disguised as being something that can be executed on Mac OS if it is tricked into going into the system.
As a result, the victim is presented with a fake password prompt to run the command, which is made to look real. The compromised machine becomes vulnerable to malware that collects passwords from it.
Once it has collected all the data described in the previous section, the malware then begins to spread. As soon as the stolen data is collected, it is stored in a ZIP file. It is then sent to a remote server for processing and analysis. Later on, the threat actor will be in a position to collect this information as well.
Additionally, MacStealer is also able to send some basic information to a pre-configured Telegram channel, which allows the operator to be notified immediately when updates to the stolen data have been made, which will enable him to download the ZIP file immediately as well.
What can You do to Protect Your Mac?
You can do a few things right now to ensure that you have the latest software update installed on your Mac computer, beginning with opening the Settings app and checking that it is the latest version.
The first thing you should do is install it as soon as possible if it has not been installed already. You should make sure that all of your Apple devices are up-to-date before you begin using them since Apple is constantly improving its security.
Your devices will be protected from malware if you use antivirus software, which protects you from potentially malicious links on the internet. By clicking the magnifying glass icon at the top of my webpage, you can find my expert review of the highest-rated antivirus protection for your Windows, Mac, Android, and iOS devices, which includes reviews of which ranked antivirus protection for Windows, Mac, Android, and iOS devices.
Different forms of malware, such as email attachments, bogus software downloads, and other techniques of social engineering, are utilized to spread stealer malware.
Keeping up-to-date the operating system and security software of the computer is one of the best ways to mitigate such threats. In addition, they should not download files from unknown sources or click on links they find on the internet.
"It becomes more important for data stored on Macs to be protected from attackers as Macs become more popular among leadership teams as well as development and design teams within organizations", SentinelOne researcher Phil Stokes said in a statement last week.
