Despite their reputation for security, Macs can still get viruses, and this has just been proven by a new piece of Mac malware that can steal your credit card information and send it back to the attacker, ready for exploitation. It’s a reminder to be careful when opening apps from unknown sources.
The malware, named MacStealer, was discovered by Uptycs, a threat research company. It sucks up a wide range of your personal data, including the iCloud Keychain password database, credit card details, cryptocurrency wallet credentials, browser cookies, documents and more. That means a lot could be at risk if it takes root on your Mac.
Image: A fake password prompt created by macOS malware MacStealer. Credit: Uptycs
MacStealer begins its attacks with an installer file called weed.dmg. Opening this will launch a fake password prompt that collects your credentials and uses them to access your sensitive information. That data is then zipped and sent to a hacker-controlled server. Once done, the stolen data will be sent to interested parties on a dedicated Telegram channel.
Fortunately, although MacStealer can extract your Mac’s iCloud Keychain database, it cannot extract the passwords stored in it. That’s because iCloud Keychain encrypts all data stored in it. As the attackers note, without a user’s master password, it is “nearly impossible” to obtain these passwords.
How to protect yourself
Right now, the malware’s developers are selling it for $100 per build, making it relatively affordable in the malware-as-a-service world. According to the developer, the low price is due to the lack of a user panel and any builder functionality, as well as the current beta status of the malware.
Unfortunately, it seems like the threat actor developing MacStealer has other ideas that they plan to incorporate into future versions. These include a cryptocurrency wallet drainer, a user control panel, the ability for clients to generate new builds themselves, and much more.
If you want to protect yourself from MacStealer (and other Mac malware), you should keep your Mac up to date with the latest patches from Apple and only allow apps to be installed from trusted sources (like the official App Store). Installing an antivirus app would also be a good idea, as would using one of the best password managers to keep your sensitive data locked and encrypted.