MacStealer Malware: What you need to know to stay safe

Lizzie Warren

Apr 26, 2023

7 min read

Prevention is better than cure.

This age-old adage rings true, especially in the case of malware attacks on our Mac devices. The emergence of the malware known as MacStealer disproves any notion macOS users had that their computers are immune to malware. MacStealer malware has been making its presence known in the macOS world and it’s a growing concern for all Mac users. It can steal our personal information and banking details, and even take control of our devices without us ever knowing.

Its consequences can be devastating and the road to recovery can be long and bumpy. So, don’t let MacStealer malware catch you off guard. Let’s prioritize prevention and take control of our online security.

What is MacStealer malware?

MacStealer malware is a type of malicious software that specifically preys on macOS users and steals sensitive information, such as credit card data, usernames, and passwords. The tricky part is that MacStealer disguises itself as legitimate software, misleading users into letting it into their system.

Well, how does this dangerous malware make its way onto your system? It appears that the bad actors behind MacStealer are using a .DMG file to spread the malware. Once the user executes the file, a fake password prompt pops up, which is used to gather the user’s password via a specific command line. The MacStealer malware then gets to work, compressing the stolen data into a Zip file. After that, it silently sends the file to the intended recipient (probably the so-called “hacker”) 🤫.

What is a .DMG file?

Disk image files, or DMG files, are used by devices running Mac operating systems to store data and software for macOS. An Apple Disk Image file (often known as a Mac OS X Disk Image file or simply a DMG file) is essentially a digital reconstruction of a physical disc.

Since using a physical disc is not always an option, compressed software installers are frequently distributed in the DMG file format. The macOS disk image format offers compression, file spanning, and encryption. Some DMG files can be password-protected as well!

MacStealer can infiltrate through malicious downloads or fake websites, posing as something harmless. Imagine downloading a software update that looks legitimate, only to realize that it’s the MacStealer malware in disguise. Scary, right?

What’s even more concerning is that MacStealer uses Telegram, a popular messaging app, as its reporting channel. The attacker receives the stolen data from the malware via this app, which can make it more challenging to identify and trace the origin of the attack. This malware targets macOS systems running Catalina and newer versions on Intel, M1, and M2 CPUs. It’s expected to become more widespread, putting more users at risk.

Who and How?

The “MacStealer malware” was discovered by the Uptycs threat research team during their dark web hunting. MacStealer is offered as malware-as-a-service (MaaS), where its developer charges $100 for the prepared build. Any potential attacker can purchase it and use it in their own campaigns. This approach makes it easier for cybercriminals to spread the malware and launch their campaigns without having to develop the malware themselves.

The fact that MacStealer is being offered as a MaaS product is a cause for concern, as it makes it easier for even inexperienced hackers to spread the malware. As we’ve seen time and time again, cybercriminals are always looking for ways to monetize their activities, and MaaS is just one of the latest trends in this regard.

How harmful is the MacStealer malware?

According to the creator of the malicious software, MacStealer can steal the following information from infected systems:

  • It can steal account passwords, cookies, and credit card details from popular browsers like Firefox, Chrome and Brave.
  • It can extract files in a range of formats, such as .txt, .doc, .jpg and .zip.
  • The malware can collect system information and Keychain password information.
  • It can also extract the Keychain database (login.keychain-db) in base64 encoded form.
  • MacStealer can target cryptocurrency wallets such as Coinomi, Exodus, MetaMask, Phantom, etc.

Best practices for cybersecurity for macOS users

Here are some best practices to follow to enhance cybersecurity for macOS users:

  • Keep your macOS system up to date with the latest security patches and updates.
  • Only download software and apps from trusted sources, such as the App Store.

As technology advances, exploring additional best practices to keep our systems secure is always a good idea. So, here are some additional tips that you can consider:

  • For all your accounts, create strong passwords that are different from one another. Also, turn on two-factor authentication whenever possible.
  • Avoid clicking on suspicious links or downloading attachments from unknown sources.
  • Regularly back up your important files and data to an external hard drive or cloud storage service.
  • Apart from these, stay informed! Always read tech news and be updated about the new dangers that may be out there. Through this, we can stay one step ahead of cybercriminals and keep our digital lives safe and secure.

By following these best practices, macOS users can minimize the risk of cyber-attacks and keep their devices and data safe. 😉

Adding more to the point 🤫

Are you wondering why you should download software and apps from trusted sources?

The answer is simple! Apps and software are the main entry points for malware into our systems. If we’re not careful, it’s like rolling out the red carpet and welcoming them right in!

So, to protect your device, take a moment before hitting that download button and do some research to ensure the app is legitimate. Here are some steps you can take:

  • Check out user reviews.
  • Verify that the app store is legitimate.
  • Compare the app sponsor’s official website with the app store link to make sure they match up.

Also, macOS comes with a feature called Gatekeeper that helps ensure only trustworthy software runs on your device. If you want to know more about Gatekeeper, check out this blog too!
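The practices above (keeping macOS patched, relying on Gatekeeper, checking a download before opening it) can be turned into a quick posture check. The script below is an added example written for this post, not code from Hexnode or from the MacStealer research. Each check_* function parses the text that the named macOS command prints, so the decision logic can be exercised with constructed sample output on any system; run_checks feeds the functions the real commands on a Mac. The exact wording of the command output and the FileVault, firewall and spctl invocations are assumptions based on current macOS releases, and the .dmg path passed to run_checks is a placeholder for whatever you just downloaded.

```shell
#!/bin/sh
# Added example (not from the original post): posture checks for the
# best practices discussed above. Each check_* takes the output of one
# macOS command as its argument and prints "ok" or "FAIL", so the logic
# runs offline against constructed strings; run_checks wires in the real
# commands. Command output formats are assumed from current macOS.

# Gatekeeper (`spctl --status`): "assessments enabled" / "assessments disabled"
check_gatekeeper() {
    case "$1" in
        *"assessments enabled"*) echo ok ;;
        *) echo FAIL ;;
    esac
}

# FileVault (`fdesetup status`): "FileVault is On." / "FileVault is Off."
check_filevault() {
    case "$1" in
        *"FileVault is On"*) echo ok ;;
        *) echo FAIL ;;
    esac
}

# Application firewall (`socketfilterfw --getglobalstate`):
# "Firewall is enabled. (State = 1)"; State = 2 is assumed to be "block all".
check_firewall() {
    case "$1" in
        *"State = 1"*|*"State = 2"*) echo ok ;;
        *) echo FAIL ;;
    esac
}

# Pending updates (`softwareupdate -l`): "No new software available." when current.
check_updates() {
    case "$1" in
        *"No new software available"*) echo ok ;;
        *) echo FAIL ;;
    esac
}

# Gatekeeper verdict on a downloaded disk image
# (`spctl -a -t open --context context:primary-signature -v file.dmg`):
# the verdict line reads "<path>: accepted" or "<path>: rejected".
check_dmg_verdict() {
    case "$1" in
        *": accepted"*) echo ok ;;
        *) echo FAIL ;;
    esac
}

# Print one report line and count failures in the global $failures.
report() {   # report <name> <verdict>
    printf '%-12s %s\n' "$1" "$2"
    [ "$2" = ok ] || failures=$((failures + 1))
}

# Run every check against the live system; optional argument is a .dmg to assess.
run_checks() {   # run_checks [/path/to/downloaded.dmg]
    failures=0
    report gatekeeper "$(check_gatekeeper "$(spctl --status 2>&1)")"
    report filevault  "$(check_filevault "$(fdesetup status 2>&1)")"
    report firewall   "$(check_firewall "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)")"
    report updates    "$(check_updates "$(softwareupdate -l 2>&1)")"
    if [ -n "$1" ]; then
        report dmg "$(check_dmg_verdict "$(spctl -a -t open --context context:primary-signature -v "$1" 2>&1)")"
    fi
    echo "failures: $failures"
    [ "$failures" -eq 0 ]
}

# Only invoke the real tools on macOS; the check_* functions work anywhere.
if [ "$(uname)" = Darwin ]; then
    run_checks "$@" || echo "one or more checks need attention"
fi
```

Run it as `sh posture.sh ~/Downloads/Installer.dmg` on the Mac in question. A "rejected" verdict on the disk image, or a missing "accepted" line, is exactly the situation where Gatekeeper is protecting you and the download deserves a second look before it is opened; the other four lines tell you which of the listed practices the machine currently meets.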

How can Hexnode UEM save the day?

In the face of the rising threat of MacStealer malware, Hexnode UEM can be the saving grace for Mac users. With its comprehensive Mac management features, Hexnode UEM ensures the protection of devices from any malicious attacks, including the MacStealer malware.

One of the biggest advantages of using Hexnode UEM is its ability to distribute and install apps on target devices automatically, which makes the process of securing your devices much easier and more efficient. This also helps IT admins ensure that apps are installed from a trusted source.

Additionally, Hexnode UEM ensures that your devices comply with company security guidelines, including password regulations, disk encryption techniques like FileVault, firewall setup, screensaver settings, certificate management, and other security measures. It even helps to schedule macOS updates. Admins can also manage the software updates via custom scripts.

Hexnode UEM also offers location tracking, device setup changes, app management, user account management and other features that allow for effective management of your Mac fleet. With its comprehensive features and efficient management strategies, Hexnode UEM can be the hero that saves the day and keeps your devices protected from any potential threats.

The bottom line

With MacStealer malware on the rise, it’s crucial to take precautions and protect your sensitive information from being stolen. It’s not enough to simply assume that our Macs are immune to malware. By taking preventative measures and implementing best practices for cybersecurity, we can significantly reduce the risk of falling victim to attacks like MacStealer. By using a Unified Endpoint Management (UEM) solution like Hexnode, we can ensure that our macOS system is secure and protected against any malware. So, don’t wait any longer. Sign up for Hexnode UEM to keep your Mac safe and secure!
