MacStealer malware targets Apple's macOS devices to steal sensitive information
According to recent research from cybersecurity firm Uptycs, a new malware named MacStealer targets Apple's macOS operating system to steal sensitive information, including documents, browser cookies, and login credentials.
The malware affects devices running macOS Catalina and later on M1 and M2 CPUs. It is delivered as a DMG file (weed.dmg) that, when opened, displays a fake password prompt to harvest the user's password, and it uses Telegram as its command-and-control platform to exfiltrate the stolen data.
The malware is still a work in progress: its authors say they plan to add the ability to capture data from Safari and the Notes app.
Uptycs researchers Shilpesh Trivedi and Pratik Jeware advise users to keep their operating system and security software up to date, and to avoid downloading files or clicking links from unknown sources, to mitigate such threats.
Indicators of Compromise

Type | Indicator
---|---
SHA256 | e51416f12f8c60e7593bef8b9fc55e04990aa047ad7e8abc22b511e7eb7586f6
SHA256 | 1b5ef101ac0b3c0c98874546ec4277e6a926c36733ab824cece9212373559818
SHA256 | f14dd83e60b8ca6d52e667ed85adafa9b849df33e428b005b05b7c6732de526a
SHA256 | 977cf1a74467e72b7fd9434bebd9e171a45b520ade960771b31f3bd5e9e4a5aa
SHA256 | 5031aa79912fb23bcbe2209e015974fccb4b9e9334a9e8801833f07bd3a5ccfc
SHA256 | 15d1afca780e2ea6ffec8c4862a3401e003b5e79ce5f9076b4eea4ab599bc4ce
SHA256 | 821ecdae151ed78eb4792d40a7787127927900a763f3249b31f37d7b67b5e1e5
SHA256 | df71b5c99052b63de167f9c22b3cf6ded513ed6d1e1c74eff7af8cf9e4692714
SHA256 | 1153fca0b395b3f219a6ec7ecfc33f522e7b8fc6676ecb1e40d1827f43ad22be
SHA256 | e01eec798a326a1e0beb767cdd0f185e19361871de82e23568042e9fc6128bb6
SHA256 | acef9f3f215335462e2e2e4bacbe6c52e48e764e7174fe46966e29902f6a1890
SHA256 | d61666b49ef700cbd59c744bf5fca2e850be55a52f415102cf3ea1c1c2db18d4
SHA256 | 2abc380ad22c47db0035df1f0e6e00a7fabcb5d4afd913e2474478ea11ea6a63
SHA256 | 7eed5a8f486aaba3948307f165a636df83857ab6cea21b8fd5e0ff758bb134b3
SHA256 | 61f3cd0a7c8191745080aa7b2e0695c3a57327f1f226d9fc7a4be3cee14a2375
SHA256 | 1b0684ab02071f8bb03967866596efcea92a48e49f8b1013a6301653f7687e74
SHA256 | 9b17aee4c8a5c6e069fbb123578410c0a7f44b438a4c988be2b65ab4296cff5e
SHA256 | 6a4f8b65a568a779801b72bce215036bea298e2c08ec54906bb3ebbe5c16c712
URL | hxxp[:]//mac[.]cracked23[.]site/uploadLog
Domain | mac[.]cracked23[.]site
IP | 89[.]116[.]236[.]26
URL | hxxps[:]//t[.]me/macos_stealer_2023
URL | hxxps[:]//t[.]me/macos_logsbot
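The indicator list above is published defanged (hxxp, [.], [:]), so it cannot be pasted straight into a hunt. The script below is an added example, not code from Uptycs or from the article: it refangs and classifies the page's indicators, hashes every file under a directory against the sample SHA256s, and checks observed hostnames, IPs or URLs (for example from DNS or proxy logs) against the network indicators. The indicator text is the page's own list embedded verbatim; the function names, the default scan directory (~/Downloads, where a downloaded weed.dmg would typically land) and the log lookup are my assumptions.

```python
"""Hunt for the MacStealer indicators published by Uptycs on a macOS host."""
import hashlib
import re
import sys
from pathlib import Path

# The defanged indicator list from the page, pasted verbatim (table pipes tolerated).
RAW_IOCS = """
e51416f12f8c60e7593bef8b9fc55e04990aa047ad7e8abc22b511e7eb7586f6
1b5ef101ac0b3c0c98874546ec4277e6a926c36733ab824cece9212373559818
f14dd83e60b8ca6d52e667ed85adafa9b849df33e428b005b05b7c6732de526a
977cf1a74467e72b7fd9434bebd9e171a45b520ade960771b31f3bd5e9e4a5aa
5031aa79912fb23bcbe2209e015974fccb4b9e9334a9e8801833f07bd3a5ccfc
15d1afca780e2ea6ffec8c4862a3401e003b5e79ce5f9076b4eea4ab599bc4ce
821ecdae151ed78eb4792d40a7787127927900a763f3249b31f37d7b67b5e1e5
df71b5c99052b63de167f9c22b3cf6ded513ed6d1e1c74eff7af8cf9e4692714
1153fca0b395b3f219a6ec7ecfc33f522e7b8fc6676ecb1e40d1827f43ad22be
e01eec798a326a1e0beb767cdd0f185e19361871de82e23568042e9fc6128bb6
acef9f3f215335462e2e2e4bacbe6c52e48e764e7174fe46966e29902f6a1890
d61666b49ef700cbd59c744bf5fca2e850be55a52f415102cf3ea1c1c2db18d4
2abc380ad22c47db0035df1f0e6e00a7fabcb5d4afd913e2474478ea11ea6a63
7eed5a8f486aaba3948307f165a636df83857ab6cea21b8fd5e0ff758bb134b3
61f3cd0a7c8191745080aa7b2e0695c3a57327f1f226d9fc7a4be3cee14a2375
1b0684ab02071f8bb03967866596efcea92a48e49f8b1013a6301653f7687e74
9b17aee4c8a5c6e069fbb123578410c0a7f44b438a4c988be2b65ab4296cff5e
6a4f8b65a568a779801b72bce215036bea298e2c08ec54906bb3ebbe5c16c712
hxxp[:]//mac[.]cracked23[.]site/uploadLog
mac[.]cracked23[.]site
89[.]116[.]236[.]26
hxxps[:]//t[.]me/macos_stealer_2023
hxxps[:]//t[.]me/macos_logsbot
"""

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp, [.], [:]) back into its live form."""
    s = indicator.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)


def classify(indicator: str) -> str:
    """Bucket a refanged indicator as sha256, url, ip or domain."""
    if SHA256_RE.fullmatch(indicator):
        return "sha256"
    if indicator.lower().startswith(("http://", "https://")):
        return "url"
    if IPV4_RE.fullmatch(indicator):
        return "ip"
    return "domain"


def normalize(value: str, kind: str) -> str:
    """Hashes, hosts and IPs compare case-insensitively; URL paths do not."""
    return value if kind == "url" else value.lower().rstrip(".")


def parse_iocs(text: str) -> dict:
    iocs = {"sha256": set(), "url": set(), "ip": set(), "domain": set()}
    for line in text.splitlines():
        line = line.strip().strip("|").strip()  # tolerate markdown table residue
        if line:
            value = refang(line)
            kind = classify(value)
            iocs[kind].add(normalize(value, kind))
    return iocs


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_files(root: Path, iocs: dict) -> list:
    """Return files under root whose SHA256 matches a known MacStealer sample."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file() and not p.is_symlink():
            try:
                if sha256_of_file(p) in iocs["sha256"]:
                    hits.append(p)
            except OSError:  # unreadable file: skip, do not abort the hunt
                continue
    return hits


def match_network(observed: str, iocs: dict):
    """Check an observed hostname, IP or URL against the network indicators.
    Returns the matching category, or None when nothing matches."""
    value = refang(observed)
    kind = classify(value)
    return kind if normalize(value, kind) in iocs.get(kind, ()) else None


if __name__ == "__main__":
    known = parse_iocs(RAW_IOCS)
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Downloads"
    for hit in scan_files(root, known):
        print(f"MATCH {hit}")
```

Run it as `python3 hunt.py ~/Downloads` (or any mount point) to hash-match the 18 published samples; feed hostnames from DNS or proxy logs to `match_network` for the C2 indicators. Hash matching only catches the samples Uptycs already saw, so a rebuilt or repacked binary will not match; the domain and IP indicators, and the Telegram URLs, are the more durable signal for this family.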