Macstealer

Malware Profile Updated a month ago
MacStealer is macOS malware first observed in March 2023. It targets macOS versions from Catalina (macOS 10) through Ventura (macOS 13), on Intel, M1 and M2 CPUs. The malware uses the native macOS osascript utility to display a fake prompt that mimics a legitimate system password dialog, tricking users into entering their passwords. It extracts passwords, cookies, and credit card information from the Firefox, Google Chrome, and Brave browsers, and can also exfiltrate the Keychain database, documents, and login credentials, making it a significant threat to user privacy and security.

In June 2023, MacStealer emerged with capabilities similar to other contemporary malware targeting macOS. Unlike counterparts such as Atomic Stealer, it is not limited to the Desktop and Documents folders but can read from the various file directories associated with the targeted browsers. It also collects files of a wide range of types, including TXT, DOC, DOCX, PDF, XLS, XLSX, PPT, PPTX, JPG, PNG, CSV, BMP, MP3, ZIP, RAR, PY, and DB, giving it a broader reach.

Despite its similarities to Atomic Stealer and other macOS stealers, MacStealer is distinguished by the browsers it supports and by how it collects desktop files: it gathers passwords, cookies, and credit card data only from Firefox, Chrome, and Brave, by directly querying the file directories belonging to those browsers. This gives MacStealer a distinct threat profile that calls for its own specific countermeasures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile Description (no entries listed)
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Telegram
Uptycs
Chrome
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the MacStealer malware was read from the document corpus below (limited to 20 results).
Source, created: Title
Malwarebytes, a year ago: New macOS malware steals sensitive info, including a user's entire Keychain database
CERT-EU, a year ago: MacStealer MacOS Malware Steals Passwords from iCloud Keychain
Securityaffairs, a year ago: MacStealer macOS malware appears in cybercrime underground
InfoSecurity-magazine, a year ago: New MacStealer Targets Catalina, Newer MacOS Versions
CERT-EU, 9 months ago: 5 macOS Infostealers Making Waves Right Now
CERT-EU, a year ago: Mac Malware MacStealer Spreads as Fake P2E Apps – Cyber Security Review
DARKReading, a year ago: MacStealer Malware Plucks Bushels of Data From Apple Users
CERT-EU, 10 months ago: All the Mac malware we know about
CERT-EU, a year ago: PSA: 'Atomic macOS Stealer' malware can compromise iCloud Keychain passwords, credit cards, crypto wallets
CERT-EU, a year ago: New 'ShadowVault' macOS malware steals passwords, crypto, credit card data
CERT-EU, a year ago: Newly Surfaced ThirdEye Infostealer Targeting Windows Devices
Securelist, a year ago: Non-mobile malware statistics, Q1 2023
CERT-EU, 10 months ago: Researchers Leverage ChatGPT to Expose Notorious macOS Malware
CERT-EU, a year ago: ShadowVault macOS Stealer surfaces as the newest sophisticated Mac malware
DARKReading, a year ago: Attackers Target macOS With 'Geacon' Cobalt Strike Tool
CERT-EU, 9 months ago: Newer, Better XLoader Signals a Dangerous Shift in macOS Malware
CERT-EU, a year ago: Atomic malware steals Mac passwords, crypto wallets, and more
CERT-EU, 10 months ago: macOS Under Attack: Examining the Growing Threat and User Perspectives
CERT-EU, 6 months ago: Kaspersky crimeware report: FakeSG, Akira and AMOS
CERT-EU, 3 months ago: Alert: Info Stealers Target Stored Browser Credentials