MacStealer malware grabs passwords, files, and credit card details
Security researchers have identified a new piece of Mac malware, which they’ve dubbed MacStealer. The malware extracts your iCloud passwords, a wide variety of files, and credit card details stored in browsers.
The good news, however, is that you’d have to be very naive to fall victim to it …
Macworld reports on the discovery.
Uptycs found that MacStealer can get passwords, cookies, and credit card data from Firefox, Google Chrome, and Microsoft Brave browsers. It can extract several different file types, including .txt, .doc, .jpg, and .zip, and it can extract the KeyChain database. According to information Uptycs gathered from the dark web, MacStealer’s makers are working on the ability to harvest Safari passwords and cookies, as well as data in the Notes app.
Once run, the malware gathers the data, compresses it all into a single zip file, sends the file to the bad guys, and then deletes the file from your Mac.
The report says Apple doesn’t appear to have blocked it.
It’s unclear if MacStealer has been logged in the CVE.report database that tracks vulnerabilities and exposures, and Apple has not commented on the malware. Apple released updates for macOS Big Sur, Monterey, and Ventura on Monday, but based on the security notes, those updates do not appear to include patches for MacStealer.
However, this type of attack doesn’t require Apple to update macOS to block it: such malware can be blocked by a simple update to XProtect, Apple’s built-in malware signature list.
But the risk to tech-savvy users is very low
While the malware is powerful, it’s exceedingly unlikely that 9to5Mac readers would fall for it. First, it isn’t digitally signed, so it will be blocked by Gatekeeper on most Macs.
Second, it appears to have been distributed via an app called Weed, with a marijuana icon. You would need to manually install and run the app, and then enter your Mac password to grant it access to System Settings for it to work.
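The Gatekeeper point above can be checked by hand before launching any app you are unsure of. The following script is an added example, not code from the article or from Uptycs: it runs the same code-signature and Gatekeeper policy checks on an app bundle path, using Apple’s `codesign` and `spctl` tools, and reports a distinct exit code when those tools are absent (so it degrades cleanly on non-macOS systems). The function name, return codes, and the sample path are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the article). Checks whether an app bundle would pass
# Gatekeeper: a valid code signature (codesign) and acceptance by the system
# security policy (spctl). Assumes macOS; elsewhere it reports that the tools
# are unavailable instead of guessing.
#
# Return codes (chosen for this example):
#   0  signed and accepted by Gatekeeper policy
#   1  unsigned, tampered, or rejected by policy
#   2  path does not exist
#   3  codesign/spctl not available on this system
check_app_signature() {
  app="$1"

  # Without Apple's tools we cannot assess anything; say so explicitly.
  if ! command -v codesign >/dev/null 2>&1 || ! command -v spctl >/dev/null 2>&1; then
    echo "codesign/spctl not available; run this on macOS" >&2
    return 3
  fi

  if [ ! -e "$app" ]; then
    echo "no such path: $app" >&2
    return 2
  fi

  # --deep walks nested bundles; --strict applies the stricter modern rules.
  if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
    echo "REJECT: $app has no valid code signature" >&2
    return 1
  fi

  # This is the same assessment Gatekeeper performs before allowing execution.
  if ! spctl --assess --type execute "$app" 2>/dev/null; then
    echo "REJECT: $app is signed but not accepted by Gatekeeper policy" >&2
    return 1
  fi

  echo "OK: $app is signed and accepted by Gatekeeper"
  return 0
}

# Usage: check_app_signature "/Applications/SomeApp.app"   (constructed sample path)
```

An app that fails either check is exactly the kind of download the article describes: Gatekeeper refuses it by default, and the only way it runs is if the user deliberately overrides that refusal and then hands it their password.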
However, it would be trivial to give the app a more convincing name and icon. Last month, for example, well-hidden cryptomining malware was found inside pirate copies of Final Cut Pro. You should of course only ever download…