MacStealer is malware first observed in March 2023, designed to target macOS devices running Catalina (macOS 10) through Ventura (macOS 13), including those with Intel, M1, and M2 CPUs. It uses the native macOS osascript utility to mimic a legitimate system prompt, tricking users into providing their passwords. It can extract sensitive data such as passwords, cookies, and credit card information from the Firefox, Google Chrome, and Brave browsers, and it can also extract the Keychain database. Moreover, it can steal documents, browser cookies, and login credentials, which makes it a significant threat to user privacy and security.
In June 2023, MacStealer emerged with capabilities similar to those of other contemporary malware targeting macOS devices. Unlike counterparts such as Atomic Stealer, MacStealer is not limited to the Desktop and Documents folders; it can also infiltrate the file directories associated with the targeted browsers. Furthermore, it can extract files of a wide array of types, including TXT, DOC, DOCX, PDF, XLS, XLSX, PPT, PPTX, JPG, PNG, CSV, BMP, MP3, ZIP, RAR, PY, and DB, demonstrating a broader range of capabilities.
Despite its similarities to other malware such as Atomic Stealer, MacStealer differs in the browsers it supports and in its method of collecting desktop files. It collects passwords, cookies, and credit card information only from the Firefox, Chrome, and Brave browsers, by directly querying the file directories associated with them. As a result, MacStealer presents a distinct threat profile that calls for specific countermeasures.
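Detection logic for the osascript password prompt described in the first paragraph, as an added example that is not from the original page or from any vendor rule. It assumes the prompt is built with AppleScript's `display dialog` and `hidden answer` (the page does not say how), and the event fields, paths, lure terms and scoring are hypothetical.

```python
import os
import re
import shlex

# AppleScript dialog that masks typed input, i.e. a password-style prompt.
HIDDEN_PROMPT = re.compile(r"display\s+dialog\b.*\bhidden\s+answer\b", re.I | re.S)
# Wording that imitates the operating system (assumed lure terms).
SYSTEM_LURE = re.compile(r"\b(password|macos|system (preferences|settings))\b", re.I)
# Parents under these prefixes are treated as OS components (assumption).
OS_PREFIXES = ("/System/", "/usr/", "/sbin/", "/bin/")

def inline_scripts(cmdline):
    """Return the AppleScript passed with -e when the command is osascript."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a truncated log line
        return []
    if not argv or os.path.basename(argv[0]) != "osascript":
        return []
    return [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-e"]

def score_event(event):
    """Score one event; 0 means no hidden-input osascript dialog."""
    script = "\n".join(inline_scripts(event["cmdline"]))
    if not HIDDEN_PROMPT.search(script):
        return 0, []
    score, reasons = 1, ["osascript dialog with hidden answer"]
    if SYSTEM_LURE.search(script):
        score, reasons = score + 1, reasons + ["text imitates a system prompt"]
    if not event["parent"].startswith(OS_PREFIXES):
        score, reasons = score + 1, reasons + ["non-OS parent " + event["parent"]]
    return score, reasons

def detect(events, threshold=2):
    """Return (pid, score, reasons) for events at or above the threshold."""
    scored = [(ev["pid"], *score_event(ev)) for ev in events]
    return [hit for hit in scored if hit[1] >= threshold]

# Constructed sample events; field names, paths and dialog text are hypothetical.
SAMPLE_EVENTS = [
    {"pid": 101, "parent": "/bin/zsh",
     "cmdline": """osascript -e 'tell application "Finder" to activate'"""},
    {"pid": 202, "parent": "/Volumes/Example/Example.app/Contents/MacOS/Example",
     "cmdline": """/usr/bin/osascript -e 'display dialog "macOS needs your """
                """password to continue" default answer "" with hidden answer'"""},
    {"pid": 303, "parent": "/usr/libexec/example-helper",
     "cmdline": """osascript -e 'display dialog "Enter API token" """
                """default answer "" with hidden answer'"""},
]
```

Calling `detect(SAMPLE_EVENTS)` reports only pid 202; the hidden-input dialog from an OS helper (pid 303) scores 1 and stays below the default threshold, which is where tuning for legitimate admin scripts would happen.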
Description last updated: 2024-05-04T17:29:49.708Z