This New MacOS Malware Targets ICloud Keychain To Steal All Of Your Information

Security experts have issued a warning to macOS users about a new piece of malware that is being advertised on the dark web and seeks to exfiltrate sensitive data such as passwords, cryptocurrency wallet information, and other similar information.

The Uptycs threat research team recently discovered a threat actor advertising their new product on the dark web, with the explicit goal of targeting macOS users.

The malware is being sold for $100, with the criminals claiming they are offering such a low price because the product is still in the early stages of development and lacks a builder or panel.

Passwords are being stolen

Instead, users can obtain a pre-built DMG payload for the following macOS versions: Catalina, Big Sur, Monterey, and Ventura (the latter is the latest macOS version).

Those who buy MacStealer must then figure out how to distribute it to their victims, as the developer only sells the malware. Those who run the malicious executable will be prompted with a fake password popup, allowing MacStealer to collect sensitive information from the compromised endpoint.

The tool is capable of stealing account passwords, cookies, and credit card details stored in popular browsers such as Firefox, Chrome, or Brave; exfiltrating the Keychain database in base64 encoded form; gathering system information; gathering Keychain password information; and stealing data from some of the most popular cryptocurrency wallets (MetaMask, Exodus, Tron, Binance, and others).

When it has gathered all of the necessary information, it compresses it into an a.ZIP file and sends it back to its command and control server. Furthermore, it sends basic data to the malware operators’ pre-configured Telegram channel, informing them that the operation was successful.

Malware for MacOS is uncommon, but it does occur. According to BleepingComputer, such malware was discovered last month in a phishing campaign targeting The Sandbox players. This malware also looked for information stored in browsers and cryptocurrency wallets.

Via: BleepingComputer

This new macOS malware targets iCloud Keychain to steal all of your information

Related Posts

Do you have problems copying and saving files across Windows? This could be the reason

Bitwarden now includes passkey support, giving you one less thing to worry about

Microsoft is finally releasing the feature that will compel me to upgrade to Windows 11

GitLab issues an emergency security patch and advises users to update immediately

Barracuda warns users about potential email compromise attacks; here’s what you should know