Security researchers have published a paper detailing the arrival of new malware that goes after sensitive data that’s stored on your Mac, including passwords and credit card data. According to the security team at Uptycs, the “MacStealer” malware can attack Macs running macOS Catalina or later, with either Intel or Apple M-series chips.

Uptycs found that MacStealer can get passwords, cookies, and credit card data from the Firefox, Google Chrome, and Brave browsers. It can extract several different file types, including .txt, .doc, .jpg, and .zip, and it can extract the KeyChain database. According to data Uptycs gathered from the dark web, MacStealer’s makers are working on the ability to harvest Safari passwords and cookies, as well as data in the Notes app.

“The bad actors use a .DMG file to spread the malware. After a user executes the file, it opens a fake password prompt to gather passwords using the following command line,” according to Uptycs’ report. MacStealer appears to propagate through a “weed.dmg” executable file. When the “weed” app launches, a pop-up appears, stating that “MacOS wants to enter the System Preferences” and a box below that is for the user to enter the account password.

After that, MacStealer goes to work, gathering the data, compressing it as a Zip file, sending it to the MacStealer maker, and then deleting the stolen data to hide its tracks. The maker then hands the data off to whoever contracted MacStealer.

Uptycs discovered MacStealer through “dark web hunting,” where the maker posted about MacStealer’s capabilities and its availability to bad actors for $100 per build. It’s unknown how the “weed.dmg” is distributed by the bad actor, but the DMG file only needs to be launched for a Mac to be infected. While the app described here is reasonably easy to avoid, it’s not hard to imagine a hacker using a more popular app for dissemination.

It’s unclear if MacStealer has been entered into the CVE.report database that tracks vulnerabilities and exposures, and Apple has not commented on the malware. Apple released updates for macOS Big Sur, Monterey, and Ventura on Monday, but based on the security notes, those updates do not appear to include patches for MacStealer.

Still, Apple releases security patches through OS updates, so it’s a safe bet to keep your Mac up to date. When you need to download software, get it from trusted sources, such as the App Store (which makes security checks of its software). Also, check out our guide to the best antivirus software for Mac. We also have a list of every Mac virus and advice about whether Macs need antivirus software.