This new macOS malware is targeting iCloud Keychain to steal all your details


Security experts have warned macOS users about a new piece of malware being advertised on the dark web that seeks to exfiltrate sensitive data, such as passwords, cryptocurrency wallet information, and similar.

Cybersecurity researchers from the Uptycs threat research team recently spotted a threat actor advertising their new product on the dark web, with the explicit aim of targeting macOS users.

The malware is being sold for $100, with the criminals claiming they’re offering such a competitive price because the product is still in early development stages and doesn’t have a builder or panel.

Stealing passwords

Instead, users can get a pre-built DMG payload for different versions of macOS: Catalina, Big Sur, Monterey, and Ventura (the latter is the latest macOS version).

Those who choose to purchase MacStealer must then find a way to distribute it to their victims, as the developer only sells the malware. Victims who run the malicious executable are shown a fake password popup, through which they grant MacStealer the permission it needs to collect sensitive information from the compromised endpoint.

Even at this early stage, the tool is able to do quite a few things, including stealing account passwords, cookies, and credit card details stored in popular browsers such as Firefox, Chrome, or Brave; exfiltrating the Keychain database in base64-encoded form; gathering system information; gathering Keychain password information; and grabbing data from some of the most popular cryptocurrency wallets (MetaMask, Exodus, Tron, Binance, and others).

Once it has collected all of the information it needs, it compresses it into a .ZIP file and sends it back to its command and control server. It also sends basic data to the malware operators' pre-configured Telegram channel, notifying them of the successful operation.

macOS malware isn't that common, but it does appear. As BleepingComputer notes, last month security researchers discovered such malware in a phishing campaign targeting The Sandbox players. That malware also hunted for information stored in browsers, as well as cryptocurrency wallet information.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
