MacStealer Malware Extracts iCloud Keychain Data on macOS

Kamso Oguejiofor-Abugu

A recently identified information-stealing malware, MacStealer, is targeting macOS users, compromising their credentials in iCloud Keychain, web browsers, and cryptocurrency wallets, as well as gaining access to various sensitive files.

The Uptycs threat research team, which discovered MacStealer, has confirmed its compatibility with macOS Catalina (10.15) through to Apple’s latest OS, Ventura (13.2).

MacStealer can access account passwords, cookies, and credit card information from Firefox, Chrome, and Brave browsers and retrieve multiple file types, such as TXT, DOC, JPG, and ZIP files. Offered as a malware-as-a-service (MaaS) on dark web hacking forums, MacStealer’s premade builds are being sold for $100 each. Its developer has revealed that the malware is in the initial stages of development, with plans to introduce more sophisticated features in the future.

The malware is distributed as a file named “weed.dmg” which, when launched, presents a fake password prompt to trick users into entering their password. MacStealer then collects the data, compresses it into a ZIP file, and forwards it to the threat actor.
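The behaviour chain described above (a dropper file named weed.dmg is opened, browser or Keychain data is bundled into a ZIP archive, and the archive is sent out) can be turned into a simple correlation check for endpoint telemetry. The following is an added example, not code from the article or from Uptycs: the JSON log format, field names, hosts, addresses and the 60-second correlation window are assumptions, the sample log lines are constructed, and the only indicator taken from the article is the file name weed.dmg.

```python
"""Added defender-side example: correlate the MacStealer behaviour chain in
constructed endpoint telemetry. Log schema and field names are assumed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry, one JSON object per line (field names are assumptions).
# mac-01 shows the described chain; mac-02 is a benign ZIP of a photo.
SAMPLE_LOG = """
{"ts":"2023-03-27T10:00:01","host":"mac-01","pid":501,"event":"mount","path":"/Users/alice/Downloads/weed.dmg"}
{"ts":"2023-03-27T10:00:05","host":"mac-01","pid":503,"event":"file_write","path":"/tmp/out.zip","read_from":["/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies","/Users/alice/Library/Keychains/login.keychain-db"]}
{"ts":"2023-03-27T10:00:07","host":"mac-01","pid":503,"event":"net_connect","dest":"203.0.113.10:443"}
{"ts":"2023-03-27T11:15:00","host":"mac-02","pid":777,"event":"file_write","path":"/Users/bob/Desktop/photos.zip","read_from":["/Users/bob/Pictures/a.jpg"]}
{"ts":"2023-03-27T11:15:02","host":"mac-02","pid":777,"event":"net_connect","dest":"198.51.100.5:443"}
"""

# Standard macOS locations for the data stores the article says are targeted.
SENSITIVE_MARKERS = (
    "/Library/Keychains/",
    "/Google/Chrome/",
    "/BraveSoftware/Brave-Browser/",
    "/Firefox/Profiles/",
)
KNOWN_DROPPER = "weed.dmg"          # file name reported in the article
WINDOW = timedelta(seconds=60)      # assumed correlation window


def parse_log(text):
    """Parse JSON-lines telemetry into event dicts with datetime timestamps."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def find_alerts(events):
    """Return alerts for (1) the known dropper name and (2) the generic chain:
    a ZIP written from browser/Keychain paths, then an outbound connection
    by the same process within WINDOW."""
    alerts = []
    for ev in events:
        if ev["event"] == "mount" and ev["path"].lower().endswith(KNOWN_DROPPER):
            alerts.append({"host": ev["host"], "pid": ev["pid"],
                           "reason": "mount of known dropper " + KNOWN_DROPPER})

    by_proc = defaultdict(list)
    for ev in events:
        by_proc[(ev["host"], ev["pid"])].append(ev)

    for (host, pid), evs in by_proc.items():
        evs.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(evs):
            if ev["event"] != "file_write" or not ev["path"].lower().endswith(".zip"):
                continue
            hits = [p for p in ev.get("read_from", [])
                    if any(m in p for m in SENSITIVE_MARKERS)]
            if not hits:
                continue
            for later in evs[i + 1:]:
                if later["event"] == "net_connect" and later["ts"] - ev["ts"] <= WINDOW:
                    alerts.append({"host": host, "pid": pid,
                                   "reason": "credential-store ZIP %s sent to %s"
                                             % (ev["path"], later["dest"])})
                    break
    return alerts


if __name__ == "__main__":
    for a in find_alerts(parse_log(SAMPLE_LOG)):
        print(a)
```

The second rule is the one worth keeping: a renamed dropper defeats the file-name match, but a process that archives Chrome, Brave, Firefox or Keychain files and then opens a network connection moments later is the behaviour the article describes regardless of what the DMG is called.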

Apple has not yet issued a statement about the malware, and it is uncertain whether MacStealer has been recorded in the CVE.report database that monitors vulnerabilities and exposures. Nevertheless, to protect against this threat, users should ensure their operating systems and security software are up to date and refrain from downloading files or clicking links from unfamiliar sources.

As macOS continues to gain popularity, particularly in enterprise environments, data stored on these devices becomes increasingly valuable to cybercriminals. This underlines the importance of exercising caution and using trusted sources, such as the App Store, for software downloads. The App Store conducts security checks on its software, providing an additional layer of protection.

Users should also consider employing quality antivirus software to safeguard their devices.

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.