Recently, a new malware has been discovered that targets macOS users by disguising itself as the much-awaited game, GTA 6. The malware is designed to steal sensitive information, especially access credentials, from unsuspecting victims. Once collected, this data is sent to external servers, putting the victim’s safety and privacy at risk.
According to the findings published by Moonlock blog, this malware is a variant of data theft software called PSW. It is a trojan that installs itself on computers to collect sensitive data and send it to third parties. While this threat has many different names, the fake GTA 6 game can cause the most damage as many less experienced users are more likely to download it, thinking it is a new game by Rockstar.
To install the malware on the victim’s computer, the attackers use sophisticated techniques to bypass the Gatekeeper security mechanism on macOS. They provide instructions to the user on how to overcome the mechanism if they want to install GTA 6 (fake) on their computer.
Once installed, the malware targets the database that stores macOS users’ access credentials. However, to access this database, the attackers need the system password. Therefore, they display a fake settings window where the user is prompted to enter system credentials. The victim enters their data into the window, allowing the malware to use it and achieve its goal.
With access to the system, the malware starts collecting access credentials from popular browsers like Chrome, Firefox, Brave, Edge, Opera, and OperaGX. This data is stored in a secret folder waiting for an opportunity to be sent to an external server operated by hackers.
It is important to note that as the number of macOS users increases, so do the threats targeting this system. In 2023 alone, 21 new malware families were discovered that specifically target macOS, representing a 50% growth compared to 2022. Therefore, users are advised to avoid installing applications that do not come from an official Apple store and do not follow instructions to bypass the Gatekeeper security mechanism.
