newly-discovered malware steals passwords and exfiltrates knowledge from contaminated Macs • Graham Cluley

I’m nonetheless encountering individuals who, even in any case these years, imagine that their Apple Mac computer systems are someway magically invulnerable to ever being contaminated by malware.

That is although malware has been infecting completely different incarnations of Apple pc for even longer than PCs, that macro malware typically doesn’t care what working system you’re utilizing, that there are firms who had over 25 years’ value of success creating anti-virus software program for Macs, and that even Apple itself has been releasing updates to MacOS’s built-in anti-virus defences since 2009.

Sure, there’s so much lot extra malware for PCs than Macs, however that doesn’t imply that the issue doesn’t exist in any respect. And chances are you’ll really feel very smug not operating any sort of anti-virus in your Mac, however you’ll in all probability have the smile wiped off your face should you come a cropper.

Sign up to our newsletter
Security news, advice, and tips.

With that in thoughts, it’s value sharing that boffins at Uptycs shared particulars of some newly-discovered macOS malware final month, that they’ve dubbed “MacStealer.”

In response to Uptypcs, MacStealer is being distributed on darkish net boards for as little as $100 as a software for stealing the passwords, cookies, and bank card particulars from Google, Firefox, and Chrome browsers. As well as, the malware can steal Keychain knowledge, and umpteen various kinds of knowledge recordsdata (together with paperwork, spreadsheets, shows, pictures, databases, and archives) – sending exfiltrated knowledge again to hackers through Telegram.

Regardless of MacStealer’s creator claiming it’s a “first beta model”, it’s stated to help Intel in addition to M1 and M2 Macs, and works on macOS 10 (Catalina) to the most recent macOS 13 (Ventura).

In response to Uptycs, the malware is being unfold in a reasonably rudimentary method. Operating a boobytrapped .DMG file may cause a faux System Preferences immediate to seem that asks for the consumer’s password.

As soon as the hackers have your pc’s password, your issues are going to get a complete lot worse.

There’s no indication that MacStealer is in widespread use by cybercriminals, however regardless it is sensible to guard your pc – no matter working system you select to run.

Discovered this text attention-grabbing? Follow Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we submit.

Graham Cluley is a veteran of the anti-virus trade having labored for numerous safety corporations because the early Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Home windows. Now an impartial safety analyst, he commonly makes media appearances and is an international public speaker on the subject of pc safety, hackers, and on-line privateness.
Observe him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.