New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

March 27, 2023 | Ravie Lakshmanan | Data Safety / Endpoint Security


New information-stealing malware has set its sights on Apple’s macOS operating system to siphon sensitive information from compromised devices.

Dubbed MacStealer, it is the latest example of a threat using Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS Catalina and later on M1 and M2 CPUs.

According to Uptycs researchers Shilpesh Trivedi and Pratik Jeware in a new report:

The malware, which was first advertised on an online hacking forum earlier this month, is still a work in progress, with the malware authors planning to add the ability to retrieve data from Apple’s Safari browser and Notes app.

In its current form, MacStealer is designed to extract iCloud Keychain data, passwords and credit card information from browsers such as Google Chrome, Mozilla Firefox and Brave. It also supports collecting Microsoft Office files, images, archives, and Python scripts.

The exact method used to deliver the malware is unknown, but it spreads as a DMG file (weed.dmg) which, when executed, opens a fake password prompt that pretends to request access to the System Settings app in order to collect the user's password.
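The two behaviours the article describes, a binary run straight from a mounted DMG and exfiltration through the Telegram Bot API, can be correlated in process and network telemetry. The following is an added detection example, not code from the article or from Uptycs; the event format is a constructed simplification, and the sample events (including the `/Volumes/weed/weed` path and the benign Telegram app contacting the same host) are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Iterable

# Host used by Telegram bots for API calls; the article names Telegram as the C2 channel.
TELEGRAM_API_HOST = "api.telegram.org"

@dataclass
class Event:
    """Simplified telemetry record (constructed format, not a real macOS log schema)."""
    kind: str        # "exec" or "connect"
    pid: int
    path: str = ""   # executable path for exec events
    host: str = ""   # destination host for connect events

def find_dmg_to_telegram(events: Iterable[Event]) -> list[tuple[int, str]]:
    """Return (pid, executable path) for processes launched from a mounted disk
    image under /Volumes/ that later connect to the Telegram Bot API host."""
    dmg_procs: dict[int, str] = {}
    hits: list[tuple[int, str]] = []
    for ev in events:
        if ev.kind == "exec" and ev.path.startswith("/Volumes/"):
            dmg_procs[ev.pid] = ev.path
        elif ev.kind == "connect" and ev.host == TELEGRAM_API_HOST:
            hit = (ev.pid, dmg_procs.get(ev.pid, ""))
            if ev.pid in dmg_procs and hit not in hits:
                hits.append(hit)
    return hits

# Constructed sample telemetry: an installed app in /Applications that contacts
# the same host (benign, should not fire) and a binary run from a mounted DMG
# named as in the article (should fire).
SAMPLE_EVENTS = [
    Event("exec", 501, path="/Applications/Telegram.app/Contents/MacOS/Telegram"),
    Event("connect", 501, host=TELEGRAM_API_HOST),
    Event("exec", 777, path="/Volumes/weed/weed"),
    Event("connect", 777, host=TELEGRAM_API_HOST),
]

if __name__ == "__main__":
    for pid, path in find_dmg_to_telegram(SAMPLE_EVENTS):
        print(f"suspicious: pid {pid} from {path} contacted {TELEGRAM_API_HOST}")
```

Map your EDR's process-start and network-connection records onto the `Event` fields; the /Volumes/ prefix check is the part worth tuning, since legitimate installers also run from mounted images.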

MacStealer is one of several information stealers that have emerged in recent months, adding to the already large number of similar tools currently in the wild.


These also include another new C#-based malware called HookSpoofer, inspired by StormKitty, which has keylogging and clipper functionality and sends stolen data to a Telegram bot.

Another notable malware that steals browser cookies is Ducktail. Ducktail also uses a Telegram bot to exfiltrate stolen data, and it re-emerged in mid-February 2023 with improved tactics to evade detection.

This includes “changing the initial infection from an archive containing a malicious executable to an archive containing a malicious LNK file that starts the infection chain,” Deep Instinct researcher Simon Kenin said earlier this month.


Stealer malware is typically spread through various channels such as email attachments, fake software downloads, and other social engineering techniques.

To mitigate such threats, we recommend keeping your operating system and security software up to date and avoiding downloading files and clicking links from unknown sources.

SentinelOne researcher Phil Stokes said last week, “The growing popularity of Macs among corporate executives and development teams means that data stored on Macs is becoming increasingly important to attackers.”
