A new malware family called MetaStealer, which attempts to steal sensitive information, is actively targeting Intel-based macOS systems. Sensitive information for Meta and Telegram services is particularly targeted.
According to SentinelOne researchers, the new Go-based MetaStealer malware is capable of bypassing XProtect, Apple’s built-in anti-virus technology. The malware shares some similarities with the previously discovered Atomic Stealer malware, which was also Go-based. However, the code overlap is limited, and MetaStealer also uses other delivery methods.
The malware is distributed via phishing messages. These contain a DMG file that bears the icon of a PDF file. When the file is opened, the macOS system is infected.
The malware mainly focuses on stealing information stored on the system, such as passwords, files and application data. More specifically, it targets keychains and passwords for Meta and Telegram services. It then attempts to exfiltrate them via TCP port 3000.
Systems affected by the new infostealer malware are mostly Intel-based Mac systems. Macs running on Apple’s own M1 and M2 processors are not affected unless users are running Rosetta software.
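As a triage aid for the exfiltration channel described above, the following added example (not from SentinelOne or the original article) scans text in the column layout of `lsof -nP -iTCP` for outbound connections to remote port 3000 on non-local addresses. The sample lines, process names and addresses are constructed, and because port 3000 is also a common default for legitimate services, a hit is a lead to investigate rather than a signature.

```python
import ipaddress
import re

EXFIL_PORT = 3000  # TCP port named in the article

# Loopback, link-local and private ranges are skipped so that local
# development servers on port 3000 are not reported.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample in the layout of `lsof -nP -iTCP`; not real telemetry.
SAMPLE = """\
COMMAND   PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
node      811 dev    21u IPv4 0x1a   0t0      TCP 127.0.0.1:51500->127.0.0.1:3000 (ESTABLISHED)
Safari    512 alice  23u IPv4 0x2b   0t0      TCP 192.168.1.20:51544->198.51.100.7:443 (ESTABLISHED)
Brief     977 alice  7u  IPv4 0x3c   0t0      TCP 192.168.1.20:51600->203.0.113.45:3000 (ESTABLISHED)
grafana   640 ops    9u  IPv4 0x4d   0t0      TCP *:3000 (LISTEN)
Brief     977 alice  8u  IPv6 0x5e   0t0      TCP [fd00::20]:51601->[2001:db8::9]:3000 (SYN_SENT)
"""

# Matches "local->remote:port (STATE)"; listening sockets have no "->".
CONN = re.compile(
    r"TCP \S+->(?P<host>\[[^\]]+\]|[^:\s]+):(?P<port>\d+) \((?P<state>\w+)\)$")


def suspicious_connections(lsof_text):
    """Return (command, pid, remote_ip, state) for outbound port-3000 flows."""
    hits = []
    for line in lsof_text.splitlines():
        m = CONN.search(line)
        if not m or int(m["port"]) != EXFIL_PORT:
            continue
        addr = ipaddress.ip_address(m["host"].strip("[]"))
        if any(addr in net for net in LOCAL_NETS):
            continue  # local or private destination, not external exfiltration
        fields = line.split()
        hits.append((fields[0], int(fields[1]), str(addr), m["state"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_connections(SAMPLE):
        print(hit)
```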