PROTECTING YOUR MAC: A NEW MALWARE THREAT AND HOW TO STAY SAFE

MichaelK.eth
Partnership Director at Wallet Guard


Are you a Mac user concerned about cybersecurity threats? Recently, a new malware named MacStealer has been making headlines in the tech industry. The malware targets Mac users and steals their credentials, cryptocurrency wallets, and sensitive files, such as those stored in iCloud KeyChain and web browsers. Here’s everything you need to know to stay safe.

What is MacStealer?

MacStealer is a type of malware-as-a-service (MaaS) that is being distributed on dark web hacking forums. The developer sells premade builds for $100, allowing purchasers to spread the malware in their campaigns. According to Uptycs, a threat research team, MacStealer can run on macOS Catalina (10.15) and up to the latest version of Apple's OS, Ventura (13.2).

The malware targets Mac users and steals a variety of data, including:

  • Account passwords, cookies, and credit card details from Firefox, Chrome, and Brave.
  • TXT, DOC, DOCX, PDF, XLS, XLSX, PPT, PPTX, JPG, PNG, CSV, BMP, MP3, ZIP, RAR, PY, and DB files.
  • The Keychain database (login.keychain-db) in base64-encoded form.
  • System information.
  • Keychain password information.
  • Cryptocurrency wallets such as Coinomi, Exodus, MetaMask, Phantom, Tron, Martian Wallet, Trust wallet, Keplr Wallet, and Binance.

The Keychain database is macOS's secure storage for users' passwords, private keys, and certificates; it is encrypted with the user's login password. Keychain can then automatically fill in login credentials on web pages and in apps.

How does MacStealer work?

The threat actors distribute MacStealer as an unsigned DMG file, disguised as something the victim is tricked into opening on their Mac. Once it runs, the malware serves the victim a fake password prompt; the password entered there lets it run a command that collects passwords from the compromised machine.

The malware then gathers all of the stolen data, packs it into a ZIP file, and sends it to remote command-and-control servers, where the threat actor retrieves it later. At the same time, MacStealer posts some basic information to a pre-configured Telegram channel, so the operator is notified quickly whenever new data is stolen and can download the ZIP file.

How can you protect yourself?

While MacStealer is a concerning threat, there are several steps you can take to protect yourself:

  • Install anti-virus software such as Malwarebytes to protect your device from malware and viruses.
  • Only download files and software from trusted sources.
  • Be wary of clicking on links or downloading attachments from suspicious emails.
  • Keep your operating system and software up-to-date with the latest security patches.
  • Use two-factor authentication to protect your accounts.
  • Regularly back up your data to an external hard drive or cloud storage service.
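Because MacStealer arrives as an unsigned DMG, one concrete way to act on "only download from trusted sources" is to ask Gatekeeper whether a downloaded disk image is signed and notarized before opening it. The script below is an added example, not code from Wallet Guard or the Uptycs report; it wraps Apple's `spctl` tool (macOS only), and the sample output strings and the exact `spctl` wording it parses are assumptions.

```python
# Added example (not from Wallet Guard or the Uptycs report): wrap macOS
# Gatekeeper's `spctl` to assess a downloaded DMG before opening it.
# The sample output strings below are constructed; spctl's exact wording
# is assumed from typical runs. Only parse_spctl/is_safe_to_open run offline.
import subprocess
from dataclasses import dataclass


@dataclass
class Assessment:
    accepted: bool  # Gatekeeper verdict
    source: str     # e.g. "Notarized Developer ID" or "no usable signature"
    origin: str     # signing identity, empty when unsigned


def parse_spctl(output: str) -> Assessment:
    """Parse `spctl --assess -vv` output into a structured verdict."""
    accepted, source, origin = False, "", ""
    for line in output.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.startswith("source="):
            source = line[len("source="):]
        elif line.startswith("origin="):
            origin = line[len("origin="):]
    return Assessment(accepted, source, origin)


def is_safe_to_open(a: Assessment) -> bool:
    """Policy: require a notarized Developer ID signature, not merely an
    'accepted' verdict, before a downloaded image is considered trustworthy."""
    return a.accepted and a.source == "Notarized Developer ID"


def assess_dmg(path: str) -> Assessment:
    """Run Gatekeeper's assessment on a disk image (macOS only).
    `-t open` with the primary-signature context evaluates a DMG rather
    than an app bundle; spctl exits non-zero on rejection, so no check=True."""
    proc = subprocess.run(
        ["spctl", "--assess", "-vv", "-t", "open",
         "--context", "context:primary-signature", path],
        capture_output=True, text=True)
    return parse_spctl(proc.stdout + proc.stderr)


# Constructed sample outputs standing in for real spctl runs.
SIGNED_SAMPLE = ("Installer.dmg: accepted\nsource=Notarized Developer ID\n"
                 "origin=Developer ID Application: Example Corp (TEAMID0000)\n")
UNSIGNED_SAMPLE = "Download.dmg: rejected\nsource=no usable signature\n"
```

On a Mac, `is_safe_to_open(assess_dmg("~/Downloads/file.dmg"))` returning False is the signal to delete the image rather than open it.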

By following these tips, you can reduce the risk of falling victim to MacStealer and other types of malware. Stay vigilant and keep your Mac secure.

References: https://www.bleepingcomputer.com/news/security/new-macstealer-macos-malware-steals-passwords-from-icloud-keychain/

Published on
March 28, 2023
