A new information stealer malware called MetaStealer has set its sights on Apple macOS, making it the latest in a growing list of stealer families focused on the operating system after Stealer, Pureland, Atomic Stealer, and Realst.
"Threat actors are proactively targeting macOS businesses by posing as fake clients in order to socially engineer victims into launching malicious payloads," SentinelOne security researcher Phil Stokes said in a Monday analysis.
In these attacks, MetaStealer is distributed in the form of rogue application bundles in the disk image format (DMG), with targets approached through threat actors posing as prospective design clients in order to share a password-protected ZIP archive containing the DMG file.
Other instances have involved the malware masquerading as Adobe files or installers for Adobe Photoshop. Evidence gathered so far shows that MetaStealer artifacts began appearing in the wild in March 2023. The most recent sample was uploaded to VirusTotal on August 27, 2023.
"This specific targeting of business users is somewhat unusual for macOS malware, which is more commonly found being distributed via torrent sites or suspicious third-party software distributors as cracked versions of business, productivity or other popular software," Stokes said.
The main component of the payload is an obfuscated Go-based executable that comes with features to harvest data from iCloud Keychain, saved passwords, and files from the compromised host.
Select versions of the malware have been observed containing functions that likely target Telegram and Meta services.
SentinelOne said it observed some MetaStealer variants impersonating TradingView, the same tactic that has been adopted by Atomic Stealer in recent weeks.
This raises two possibilities: Either the same malware authors could be behind both stealer families, with the families adopted by different threat actors given the differences in delivery mechanism, or they are the handiwork of disparate sets of actors.
"The appearance of yet another macOS infostealer this year shows the trend towards targeting Mac users for their data continues to rise in popularity among threat actors," Stokes said.
"What makes MetaStealer notable among this crop of recent malware is the clear targeting of business users and the objective of exfiltrating valuable keychain and other information from these targets. Such high-value data can be used to pursue further cybercriminal activity or gain a foothold in a larger business network."