Information-stealing malware called MacStealer has been discovered, targeting Apple’s macOS operating system to steal sensitive information.
According to The Hacker News, MacStealer is the latest example of hackers using Telegram as a command and control platform to steal data. This malware affects devices running macOS Catalina versions or later with M1 and M2 CPUs.
According to the researchers, MacStealer is capable of stealing documents, cookies from the victim’s browser, and login information. This malware is advertised on hacker forums for 100 USD and is still in the process of being finalized. The authors of this malware plan to add features to collect data from Apple’s Safari browser and the Notes app.
SentinelOne researcher Phil Stokes said that as Macs become more common in businesses, the data stored becomes even more important to attackers.
Currently, the MacStealer version is designed to extract data from iCloud Keychain, passwords, and credit card information from browsers such as Google Chrome, Mozilla Firefox, and Brave. It also features support for collecting Microsoft Office files, images, archives, and Python scripts
It is still unclear how this malware was distributed, with some reports saying the program was spread as a DMG file. When executed, MacStealer will open a fake password input box with a message to access system settings (System Settings).
MacStealer is one of several information-stealing tools that have emerged in recent months. Before that was the HookSpoofer malware with the ability to record the keyboard (keylogger) and transmit the stolen data to Telegram’s bot. This messaging platform is also exploited by a browser cookie-stealing malware called Ducktail. According to The Hacker News, Ducktail is likely developed by a group of Vietnamese hackers.
Until now, most information-stealing malware is spread through channels such as email attachments, mistaken installation of fake software, etc. To minimize threats, users should update their operating systems. operating systems and security software, and avoid downloading files or clicking on links from unknown sources
