New Malware Macstealer Steals Data from MacOS Devices Using Telegram Messenger
Cybercriminals have developed a new malicious software that can steal information from devices running Apple MacOS. The malware is called Macstealer and uses Telegram messenger as a platform for data exploration. The malicious B is mainly directed to devices with ARM processors of Apple M1 and M2, operating on MacOS Catalina and later versions.
According to researchers at UptyCS in their report, Macstealer has the possibility of theft of documents, cookies from the browser and information about entering the system. Currently, the malware is still under development. At the CyberPress forum, where Macstealer information was published, the authors said that they plan to add new functions, such as data capture from the Safari browser and the notes application.
Macstealer can extract data from browsers Google Chrome, Mozilla Firefox, and Brave, including the data “href=”https://support.apple.com/ru-ru/ht204085″>ligaments of the icloud key” (“ICLOUD KEYCHAIN”), as well as passwords and information about credit cards. In addition, the harmfuls support the collection of Microsoft Office, images, archives, and scripts Python.
The exact method of delivery for the malware is unknown, but researchers are sure that the container for distribution is the file ” weed.dmg “. After its launch, a fake dialog box for entering a password opens. When a naive victim indicates a password there, the malware receives the necessary permits for stealing user data.