MacStealer

Malware Profile Updated 3 months ago
MacStealer is malware first observed in March 2023 and designed specifically for macOS, affecting versions from Catalina (macOS 10) through Ventura (macOS 13) on Intel, M1 and M2 CPUs. It uses the native macOS osascript utility to display a prompt that mimics a legitimate system dialog, tricking the user into entering their password. It extracts passwords, cookies and credit card data from the Firefox, Google Chrome and Brave browsers, and can also exfiltrate the Keychain database. It additionally steals documents, browser cookies and login credentials, making it a significant threat to user privacy and security. In June 2023, MacStealer was reported to have capabilities similar to other contemporary malware targeting macOS. Unlike counterparts such as Atomic Stealer, it is not limited to the Desktop and Documents folders but can also reach the file directories associated with the targeted browsers. It collects a wide range of file types: TXT, DOC, DOCX, PDF, XLS, XLSX, PPT, PPTX, JPG, PNG, CSV, BMP, MP3, ZIP, RAR, PY and DB. Despite these similarities with Atomic Stealer and related malware, MacStealer is distinguished by the browsers it supports and by how it collects desktop files: it gathers passwords, cookies and credit card information only from Firefox, Chrome and Brave, by directly querying the file directories associated with those browsers. This gives MacStealer a distinct threat profile that calls for specific countermeasures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
macOS
Malware
Telegram
Uptycs
Credentials
Chrome
Ransomware
iOS
Firefox
Malwarebytes
Apple
Exploit
Infostealer
MaaS
Associated Malware
ID | Type | Votes | Profile Description
LockBit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
AMOS | Unspecified | 1 | AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot
Atomic Stealer | Unspecified | 1 | Atomic Stealer is a malicious software (malware) known for its ability to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. It is designed to steal personal information, disrupt operations, and even hold data hostage for ransom. A new version
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the MacStealer malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 5 months ago | Alert: Info Stealers Target Stored Browser Credentials
BankInfoSecurity | 5 months ago | Alert: Info Stealers Target Stored Browser Credentials
CERT-EU | 7 months ago | Kaspersky crimeware report: FakeSG, Akira and AMOS
CERT-EU | a year ago | 5 macOS Infostealers Making Waves Right Now
CERT-EU | a year ago | Newer, Better XLoader Signals a Dangerous Shift in macOS Malware
CERT-EU | a year ago | Researchers Leverage ChatGPT to Expose Notorious macOS Malware
CERT-EU | a year ago | All the Mac malware we know about
CERT-EU | a year ago | macOS Under Attack: Examining the Growing Threat and User Perspectives
CERT-EU | a year ago | macOS Under Attack: Examining the Growing Threat and User Perspectives
CERT-EU | a year ago | New 'ShadowVault' macOS malware steals passwords, crypto, credit card data
CERT-EU | a year ago | ShadowVault macOS Stealer surfaces as the newest sophisticated Mac malware
CERT-EU | a year ago | Newly Surfaced ThirdEye Infostealer Targeting Windows Devices
DARKReading | a year ago | Attackers Target macOS With 'Geacon' Cobalt Strike Tool
CERT-EU | a year ago | PSA: 'Atomic macOS Stealer' malware can compromise iCloud Keychain passwords, credit cards, crypto wallets
CERT-EU | a year ago | Atomic malware steals Mac passwords, crypto wallets, and more
Securelist | a year ago | Non-mobile malware statistics, Q1 2023
InfoSecurity-magazine | a year ago | New MacStealer Targets Catalina, Newer MacOS Versions
Securityaffairs | a year ago | MacStealer macOS malware appears in cybercrime underground
CERT-EU | a year ago | MacStealer MacOS Malware Steals Passwords from iCloud Keychain
DARKReading | a year ago | MacStealer Malware Plucks Bushels of Data From Apple Users