MacStealer – newly-discovered malware steals passwords and exfiltrates data from infected Macs

I’m still encountering people who, even after all these years, believe that their Apple Mac computers are somehow magically invulnerable to ever being infected by malware.

This is despite the fact that malware has been infecting different incarnations of Apple computer for even longer than PCs, that macro malware often doesn’t care what operating system you’re using, that there are firms who have had over 25 years’ worth of success developing anti-virus software for Macs, and that even Apple itself has been releasing updates to macOS’s built-in anti-virus defences since 2009.

Yes, there’s a lot more malware for PCs than Macs, but that doesn’t mean that the problem doesn’t exist at all. And you may feel very smug not running any type of anti-virus on your Mac, but you’ll probably have the smile wiped off your face if you come a cropper.

With that in mind, it’s worth sharing that boffins at Uptycs shared details of some newly-discovered macOS malware last month, that they have dubbed “MacStealer.”

According to Uptycs, MacStealer is being distributed on dark web forums for as little as $100 as a tool for stealing the passwords, cookies, and credit card details from Google, Firefox, and Chrome browsers. In addition, the malware can steal Keychain data, and umpteen different types of data files (including documents, spreadsheets, presentations, images, databases, and archives) – sending exfiltrated data back to hackers via Telegram.

Despite MacStealer’s author claiming it is a “first beta version”, it is said to support Intel as well as M1 and M2 Macs, and works on macOS 10 (Catalina) to the latest macOS 13 (Ventura).

According to Uptycs, the malware is being spread in a fairly rudimentary way. Running a boobytrapped .DMG file can cause a fake System Preferences prompt to appear that asks for the user’s password.

Once the hackers have your computer’s password, your problems are going to get a whole lot worse.

There’s no indication that MacStealer is in widespread use by cybercriminals, but regardless it makes sense to protect your computer – whatever operating system you choose to run.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
