A Dangerous New Mac Malware Steals Your Credit Info
MetaStealer Malware Steals Information

Overt Operator
September 14, 2023
A new malware strain has emerged that poses a significant threat to Mac users.
Contrary to popular belief, Macs are not invulnerable to viruses and trojans, and this new malware serves as a reminder of that fact.
Dubbed MetaStealer, this malware attempts to steal sensitive information, including passwords and credit card data.
Security firm SentinelOne discovered the malware and highlighted its deceptive tactics. The creators of MetaStealer specifically target business owners running Apple's macOS operating system. They masquerade as potential clients, gaining their trust before tricking them into installing the malware. This level of determination and coordination suggests a sophisticated operation.
SentinelOne shared the account of a business owner who was targeted with MetaStealer. The owner received a password-protected zip file from someone posing as a potential client. Curiosity got the better of the owner, who mounted the DMG file inside it, which contained an app disguised as a PDF. Thankfully, the owner realized the scam and did not open the app.
MetaStealer often disguises itself as a PDF file, even though it's actually a DMG installer. It uses file names like "AnimatedPoster.dmg," "AdobeOfficialBriefDescription.dmg," and "Advertising terms of reference (MacOS presentation).dmg" to appear legitimate.
Once MetaStealer infiltrates a Mac, it attempts to gather as much information as possible. SentinelOne's analysis found code designed to extract saved passwords, grab files, and exfiltrate the keychain. The keychain on a Mac contains sensitive data such as logins, credit card information, and encryption keys. Losing this information could have catastrophic consequences for users. Some samples of MetaStealer also target popular apps like Telegram and Meta.
MetaStealer is built as Intel x86_64 binaries, which means it is designed to run on Intel-based Macs. Although Apple has phased out Intel-based Macs and transitioned to its own Apple silicon, macOS includes a translation layer called Rosetta. Rosetta allows users to run Intel apps on Apple silicon Macs automatically, so those Macs are vulnerable to MetaStealer as well.
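The two traits described above (an app bundle posing as a document, and an Intel-only executable) can be checked before anything is opened. The following is an added example, not code from SentinelOne or the original article; the function names, the DOC_EXTS list, the document-style naming heuristic and the sample headers are assumptions made for illustration.

```python
import struct

# CPU type constants from <mach/machine.h>
CPU_TYPES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
MH_MAGIC_64 = 0xFEEDFACF   # thin 64-bit Mach-O (little-endian on disk)
FAT_MAGIC = 0xCAFEBABE     # universal binary header (big-endian on disk)
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")  # assumed lure list

def macho_archs(data: bytes) -> set:
    """Return the CPU architectures declared in a Mach-O or universal header."""
    if len(data) < 8:
        return set()
    if struct.unpack_from("<I", data)[0] == MH_MAGIC_64:
        cputype = struct.unpack_from("<I", data, 4)[0]
        return {CPU_TYPES.get(cputype, hex(cputype))}
    magic, count = struct.unpack_from(">II", data)
    # Java class files share this magic; their version field reads as a
    # large arch count, so an implausible count is rejected.
    if magic != FAT_MAGIC or count > 16:
        return set()
    archs = set()
    for i in range(count):
        off = 8 + i * 20                   # fat_arch entries are 20 bytes each
        if off + 4 > len(data):
            break
        cputype = struct.unpack_from(">I", data, off)[0]
        archs.add(CPU_TYPES.get(cputype, hex(cputype)))
    return archs

def triage(bundle_name: str, executable: bytes) -> list:
    """Flag the two traits the article attributes to MetaStealer lures."""
    findings = []
    if macho_archs(executable) == {"x86_64"}:
        findings.append("intel-only binary (runs via Rosetta on Apple silicon)")
    lower = bundle_name.lower()
    if lower.endswith(".app") and lower.removesuffix(".app").endswith(DOC_EXTS):
        findings.append("app bundle named like a document")
    return findings

# Constructed sample headers (not taken from real samples).
THIN_X86 = struct.pack("<II", MH_MAGIC_64, 0x01000007) + b"\x00" * 24
UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
             + struct.pack(">5I", 0x01000007, 3, 0x4000, 0x1000, 14)
             + struct.pack(">5I", 0x0100000C, 0, 0x8000, 0x1000, 14))

if __name__ == "__main__":
    print(triage("Brief.pdf.app", THIN_X86))   # both findings
    print(triage("Notes.app", UNIVERSAL))      # no findings
```

In practice the executable bytes would be read from Contents/MacOS/ inside the bundle on the mounted volume; an Intel-only result is a reason for closer inspection, not proof of malware, since legitimate older apps are also Intel-only.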
To protect against this malware and others like it, Mac users should remain cautious when downloading files from unknown sources. Users should also ensure they have strong, unique passwords for their accounts and regularly update their operating system and security software.
While Macs may be considered more secure than Windows PCs, it is essential not to underestimate the potential for security threats. MetaStealer serves as a reminder that all computer users, regardless of their operating system, should remain vigilant and take steps to protect themselves from malware and other cyber threats.