New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

Teilen:

A new information-stealing malware has set its sights on Apple’s macOS operating system to siphon sensitive information from compromised devices.

Dubbed MacStealer, it’s the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs.

“MacStealer has the ability to steal documents, cookies from the victim’s browser, and login information,” Uptycs researchers Shilpesh Trivedi and Pratik Jeware sagte in einem neuen Bericht.

First advertised on online hacking forums for $100 at the start of the month, it is still a work in progress, with the malware authors planning to add features to capture data from Apple’s Safari browser and the Notes app.

In its current form, MacStealer is designed to extract iCloud Keychain data, passwords and credit card information from browsers like Google Chrome, Mozilla Firefox, and Brave. It also features support for harvesting Microsoft Office files, images, archives, and Python scripts.

 

 

The exact method used to deliver the malware is not known, but it is propagated as a DMG file (weed.dmg) that, when executed, opens a fake password prompt to harvest the passwords under the guise of seeking access to the System Settings app.

MacStealer is one of several info-stealers that have surfaced just over the past few months and adds to an already large number of similar tools currently in the wild.

MacStealer macOS Malware

This also includes another piece of new C#-based malware called HookSpoofer that’s inspired by StormKitty and comes with keylogging and clipper abilities and transmits the stolen data to a Telegram bot.

Another browser cookie-stealing malware of note is Ducktail, which also uses a Telegram bot to exfiltrate data and re-emerged in mid-February 2023 with improved tactics to sidestep detection.

This involves “changing the initial infection from an archive containing a malicious executable to an archive containing a malicious LNK file that would start the infection chain,” Deep Instinct researcher Simon Kenin sagte earlier this month.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

Stealer malware is typically spread through different channels, including email attachments, bogus software downloads, and other social engineering techniques.

To mitigate such threats, it’s recommended that users keep their operating system and security software up to date and avoid downloading files or clicking links from unknown sources.

“As Macs have become increasingly popular in the enterprise among leadership and development teams, the more important the data stored on them is to attackers,” SentinelOne researcher Phil Stokes sagte letzte Woche.

 

(c) Ravie Lakshmanan

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
4:55 am, Juli 8, 2025
Wetter-Symbol 13°C
L: 12° | H: 13°
wenige Wolken
Luftfeuchtigkeit: 79 %
Druck: 1015 mb
Wind: 8 mph NW
Windböe: 11 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 13%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:53 am
Sonnenuntergang: 9:17 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
12° | 13°°C 0.64 mm 64% 9 mph 79 % 1019 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
15° | 25°°C 0.13 mm 13% 7 mph 59 % 1022 mb 0 mm/h
Do. Juli 10 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 8 mph 72 % 1023 mb 0 mm/h
Fr. Juli 11 10:00 pm
Wetter-Symbol
19° | 30°°C 0 mm 0% 10 mph 66 % 1022 mb 0 mm/h
Sa. Juli 12 10:00 pm
Wetter-Symbol
18° | 29°°C 0 mm 0% 11 mph 74 % 1020 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
12° | 13°°C 0.64 mm 64% 9 mph 79 % 1015 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
16° | 18°°C 0 mm 0% 9 mph 58 % 1017 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 7 mph 34 % 1018 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
24° | 24°°C 0 mm 0% 7 mph 29 % 1017 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
21° | 21°°C 0 mm 0% 7 mph 29 % 1018 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 4 mph 41 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
17° | 17°°C 0 mm 0% 5 mph 48 % 1020 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
15° | 15°°C 0 mm 0% 4 mph 59 % 1021 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€91,940.01
-1.42%
Ethereum(ETH)
€2,160.48
-1.71%
Fesseln(USDT)
€0.85
-0.01%
XRP(XRP)
€1.93
-0.54%
Solana(SOL)
€126.80
-2.29%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.143031
-4.38%
Shiba Inu(SHIB)
€0.000010
-2.19%
Pepe(PEPE)
€0.000009
-3.38%
Nach oben scrollen