As cybersecurity threats continue to evolve, a new macOS malware called MacStealer has emerged, posing a significant risk to users. This malicious software, discovered by the Uptycs threat research team, is capable of extracting sensitive data, documents and login credentials from macOS systems. It uses Telegram for its command and control operations. In this blog post, we will provide an overview of MacStealer, how it works and how Jamf Protect ensures your macOS devices are protected against this threat.
A new macOS malware variant, dubbed MacStealer, has been discovered and linked to a threat actor distributing the malicious code via the dark web. This stealer can extract a variety of files, browser cookies, and login information from a victim's system. It also has the ability to collect passwords, cookies and credit card data from popular browsers like Firefox, Google Chrome and Brave.
MacStealer targets macOS systems running Catalina and subsequent versions on Intel, M1 and M2 CPUs. It is expected to become more widespread due to its high demand among threat actors.
Jamf Protect threat prevention blocks the execution of MacStealer, effectively safeguarding your macOS devices from this malicious software. It is essential to keep your Mac systems up to date with the latest patches and to install files only from trusted sources.
MacStealer communicates with command and control servers via Telegram channels, utilizing the popular messaging platform — known for its privacy protections — for its operations.
MacStealer is a growing threat to macOS users and it's crucial to stay informed about the latest cybersecurity risks. Jamf Protect ensures your macOS devices are protected against this malware, allowing you to maintain the security of your systems. Keep your Mac devices updated with the latest patches and exercise caution when installing files from untrusted sources to minimize the risk of falling victim to MacStealer and other cyber threats.
IOCs (as discovered by Uptycs)
Don't wait until an incident occurs to look into getting the best-of-breed endpoint security for Apple.
Try out Jamf Protect and start securing your devices, users and data today. They'll all thank you for it!