macOS Devices Targeted by Infostealer Malware

A cybersecurity report disclosed information-stealing campaigns against macOS users. Learn more about the implications of the attacks and the strategies used by threat actors to steal the credentials of their victims.

April 1, 2024

  • Apple’s macOS devices are being targeted by infostealer malware through mediums such as illegitimate ads and websites.
  • The attacks primarily target users who are involved in the cryptocurrency sector to steal credentials and information from crypto wallets.

Threat actors are using sponsored advertisements and bogus websites to deliver data stealer malware variants, including Atomic Stealer and Meethub, onto macOS devices. The attacks largely target Apple users working with crypto wallets to steal credentials and other data related to associated financial transactions.

The attacks were discovered by security researchers from Jamf Threat Labs. According to their report, one attack variant hits users searching for Arc Browser on search engines, serving bogus sponsored ads that redirect the user to illegitimate sites offering downloads such as ArcSetup.dmg that contain the Atomic Stealer malware. To prevent detection, the websites cannot be accessed directly and can only be viewed by clicking such ad links.

Security researchers at Moonlock, a cybersecurity firm, have also found similar infostealer malware being distributed to macOS devices under the guise of providing victims with the unreleased GTA 6 video game, which in turn allows bad actors to steal data from the user’s Keychain database.


According to the security research report, another website called meethub[.]gg also delivered malware to macOS devices. The website claims to provide visitors with meeting scheduling software; instead, it installs data stealer malware for extracting sensitive data about the device and cryptocurrency wallets.

The malware is being delivered to victims under the pretext of inviting users for a podcast or job interview, with the requirement of making certain downloads. The attack leverages unclear AppleScript, which launches deceptive prompts to trick the victims into providing personal data.

As the attacks are largely focused on users in the cryptocurrency industry, the financial losses can be very high. This highlights the need for people in the crypto industry to be aware of how information about them in the public domain can be found and tied to a company in the sector. The report also raises awareness about the dangers of clicking on seemingly innocent ads that could lead to malicious code.


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.