New MacStealer malware examined | SC Media

BleepingComputer reports that Mac devices running from macOS Catalina to macOS Ventura are being targeted by the new MacStealer information-stealing malware, which has the capability to exfiltrate iCloud KeyChain data and browser-stored information, as well as cryptocurrency wallets and other sensitive data.

MacStealer has been deployed as an unsigned DMG file, which when executed would trigger a fake password prompt to run a command enabling password collection, according to a report from Uptycs.

After conducting the data gathering process, MacStealer proceeds to store the data in a ZIP file, which is then delivered to remote command-and-control servers. Certain data is also being concurrently sent by the malware to a pre-configured Telegram channel, enabling quick notifications to attackers regarding the theft of new data, said researchers.

The emergence of MacStealer comes a month after the discovery of another information-stealing malware by security researcher iamdeadlyz. Such malware was deployed in a phishing campaign aimed at individuals playing the blockchain game “The Sandbox.”