This dangerous new Mac malware steals your credit card info
A dangerous new strain of Mac malware has emerged that uses deceptive tactics to steal your passwords, credit card info, and more. Here’s how to stay safe.
By
Alex Blake
September 13, 2023 3:04AM
People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.
The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.
Sora Shimazaki / PexelsSentinelOne notes that the authors of MetaStealer appear to be targeting business owners who are running Apple’s macOS operating system, posing as potential clients in order to earn their trust and deceive them into installing the malware. That suggests a high level of determination and coordination on the part of MetaStealer’s creators.
For instance, SentinelOne cited one business owner who was tricked by someone masquerading as an interested client. “The man I’d been negotiating with on the job this past week sent me a password protected zip file containing this DMG file, which I thought was a bit odd,” they noted.
“Against my better judgment I mounted the image to my computer to see its contents,” they continued. “It contained an app that was disguised as a PDF, which I did not open and is when I realized he was a scammer.”
SentinelOne states that MetaStealer often disguises itself as a PDF file, despite actually being a DMG installer. Its file names have included “AnimatedPoster.dmg,” “AdobeOfficialBriefDescription.dmg,” and “Advertising terms of reference (MacOS presentation).dmg,” all in an attempt to appear legitimate.
Stealing your passwords
piranka / Getty ImagesOnce MetaStealer is running on a Mac, it tries to gather as much information as it possibly can. SentinelOne’s analysis identified code snippets for “exfiltrating the keychain, extracting saved passwords, and grabbing files.” A Mac’s keychain contains saved logins, credit card info, encryption keys, and other extremely sensitive data, so losing its contents could be catastrophic. Some samples also appear to target Telegram and Meta apps, giving MetaStealer its name.
MetaStealer is built using Intel x86_64 binaries, which means it is designed to run on Intel-based Macs. Apple started phasing these out in 2020 and replacing them with its own Apple silicon Macs. However, it bundled a translation app called Rosetta into macOS that lets users automatically run Intel apps on Apple silicon Macs. That means having a newer Apple-designed chip doesn’t necessarily protect your Mac from MetaStealer.
SentinelOne says 2023 has seen an “explosion of infostealers targeting the macOS platform,” and MetaStealer is just the latest in a long line of new malware strains aimed squarely at Apple’s customers. That means it’s more important than ever to keep your Mac secure, avoid downloading and running suspicious apps, and use an antivirus app to keep out digital nasties.
Editors' Recommendations
In the age of ChatGPT, Macs are under malware assault This critical exploit could let hackers bypass your Mac’s defenses This Mac malware can steal your credit card data in seconds This devious scam app proves that Macs aren’t bulletproof This major Apple bug could let hackers steal your photos and wipe your deviceIn ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
This critical macOS flaw may leave your Mac defenseless
Apple’s macOS operating system has such a strong reputation for security that many people mistakenly believe Macs simply aren’t affected by malware. Well, Microsoft has served up a reminder that that’s not true, as the company has identified a serious vulnerability that affects one of macOS’s most important lines of defense.
According to Bleeping Computer, the bug was first reported by Jonathan Bar Or, Microsoft’s principal security researcher, who named the flaw Achilles. It is now tracked as CVE-2022-42821.
Beware — even Mac open-source apps can contain malware
Installing apps on a Mac is generally considered to be safer than doing so on Windows and open-source software is usually benign but there are exceptions to both of these assumptions that can do untold damage to your privacy and security.
A recent discovery by Trend Micro provides a startling example of this risk. An open-source app designed to help Mac owners with iPhone and iPad app signing has been altered to include a nasty hack that steals your Apple Keychain data. The original app is called ResignTool and it’s available for free on the popular open-source site, GitHub. The app is six years old and both the code and the ready-to-run app can be downloaded from GitHub. That isn’t the problem.
Apple Security Research website launches to protect your Mac
Apple just launched a new website that's dedicated to macOS and iOS security and there are already two blog posts that provide examples of what to expect, one providing a deep dive into memory allocation within the XNU kernel at the heart of all Apple devices, and another discussing the improved security bounty process.
The new website will undoubtedly become a critical resource for Apple security researchers, both providing information and serving as a hub for submitting bounties. The Apple Security Research website is also where you can apply for an official Apple Security Research Device (SRD) to help with identifying vulnerabilities by providing special access to what are normally protected areas of iOS.