New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices.
First advertised on online hacking forums at the start of the month, MacStealer is still a work in progress, with the malware authors planning to add features to capture data from Apple's Safari browser and the Notes app.
In its current form, MacStealer is designed to extract iCloud Keychain data, passwords and credit card information from browsers like Google Chrome, Mozilla Firefox, and Brave.
The exact method used to deliver the malware is not known, but it is propagated as a DMG file that, when executed, opens a fake password prompt to harvest the passwords under the guise of seeking access to the System Settings app.
Other recent stealers include HookSpoofer, a new C#-based malware that is inspired by StormKitty, comes with keylogging and clipper abilities, and transmits the stolen data to a Telegram bot.
Another browser cookie-stealing malware of note is Ducktail, which also uses a Telegram bot to exfiltrate data and re-emerged in mid-February 2023 with improved tactics to sidestep detection.
News URL
https://thehackernews.com/2023/03/new-macstealer-macos-malware-steals.html