This new macOS malware targets iCloud Keychain to steal all your data


Security experts have warned macOS users about new malware advertised on the dark web that is built to leak sensitive data such as passwords, cryptocurrency wallet information, and more.

Cybersecurity researchers from the Uptycs threat research team recently detected a malicious actor advertising their new product on the dark web, with the explicit purpose of targeting macOS users.

The malware is priced at €100, and the criminals claim that they are so competitively priced because the product is still in early development and does not have a builder or panel.

Instead, buyers receive a pre-built DMG payload for different versions of macOS: Catalina, Big Sur, Monterey, and Ventura (the latter being the latest version of macOS).

Those who purchase MacStealer must find their own way to distribute it to victims, as the developer only sells the malware. A victim who runs the malicious executable is shown a fake password pop-up; entering a password there gives MacStealer what it needs to collect sensitive information from the compromised endpoint.

The tool is capable of several things: stealing account passwords, cookies, and credit card data stored in popular browsers such as Firefox, Chrome, and Brave; exfiltrating the Keychain database in base64-encoded form; collecting system information; collecting password information from keychains; and harvesting data from some of the most popular cryptocurrency wallets (MetaMask, Exodus, Tron, Binance, and others).

Once the malware has gathered the data it is after, it compresses it into a ZIP file and sends it to its command-and-control server. It also sends basic details to the operators' pre-configured Telegram channel, notifying them that the operation succeeded.

macOS malware is not that common, but it does happen. Last month, BleepingComputer recalls, security researchers discovered such malware during a phishing campaign targeting players of The Sandbox. That malware also searched for information stored in browsers, as well as information about cryptocurrency wallets.

Via: BleepingComputer