A new malware attacks the Mac! Researchers have discovered that a virus called MetaStealer is currently seeking to plunder users’ sensitive data. To achieve its goals, it hides in a .dmg file sent by email…
Researchers from SentinelOne, an American cybersecurity company, have discovered a new family of malware targeting Macs. Called MetaStealer, the virus belongs to the category of “infostealers”: malware programmed to steal sensitive information from an infected computer, such as passwords, credit card details and other personal data.
Malicious .dmg files
The hackers behind the operation exclusively target businesses. To trap a company’s employees, they pass themselves off as a potential customer. After briefly chatting with their target, the cybercriminals convince them to install software on their computer. One victim reports having received “a password protected zip file” containing a .dmg file, a disk image used to install applications on the Mac.
This file has a single purpose: installing the MetaStealer malware on the operating system. To lull the targets’ suspicions, the hackers take care to tailor the file name to the pretext. Investigators indeed found files titled “advertising reference clauses (MacOS presentation).dmg” or “CONCEPT A3 complete menu with dishes and translations in English.dmg”.
Once installed, the malware tries to convince the user to bypass Gatekeeper, the mechanism that helps protect users from viruses and insecure applications. Before installation, Gatekeeper verifies the origin of a downloaded application and ensures that it comes from a developer identified and approved by Apple.
This precaution must be bypassed in order to install an application that does not come from the App Store, and the criminals are well aware of this. Indeed, users can adjust the Gatekeeper settings in the Security & Privacy section of the system preferences to allow the installation of applications from unauthorized sources.
The researchers specify that the malware primarily targets Macs running an Intel processor. The most recent machines, powered by an Apple Silicon chip, are not directly affected. To run on a Mac with an M1 or M2 chip, MetaStealer would need to go through Rosetta, the “emulation” tool that runs applications built for Intel processors on Apple’s ARM SoCs.
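The Intel-only detail above is something a defender can check on a suspicious binary before it is ever run: a Mach-O executable records, in its header, the CPU type(s) it was built for, so an x86_64-only file is one that would only run through Rosetta on an Apple Silicon Mac. The following Python example is added here and is not part of the original article or of SentinelOne’s research; it parses a thin or universal (“fat”) Mach-O header and reports the architectures present. The sample headers are constructed inline, and the function names (`mach_o_architectures`, `needs_rosetta`) are this example’s own.

```python
import struct

# Mach-O magic numbers as they appear when the first four bytes are read big-endian.
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit, file integers are big-endian
MH_CIGAM_64 = 0xCFFAEDFE   # 64-bit, file integers are little-endian (usual on Intel/ARM64)
MH_MAGIC = 0xFEEDFACE      # 32-bit, big-endian
MH_CIGAM = 0xCEFAEDFE      # 32-bit, little-endian
FAT_MAGIC = 0xCAFEBABE     # universal binary, fat header is always big-endian
FAT_CIGAM = 0xBEBAFECA

# cputype values from <mach/machine.h>; 0x01000000 is the CPU_ARCH_ABI64 flag.
CPU_TYPE_X86 = 0x7
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM = 0xC
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {
    CPU_TYPE_X86: "i386",
    CPU_TYPE_X86_64: "x86_64",
    CPU_TYPE_ARM: "arm",
    CPU_TYPE_ARM64: "arm64",
}

FAT_ARCH_SIZE = 20  # cputype, cpusubtype, offset, size, align (5 x uint32)


def _cpu_name(cputype: int) -> str:
    return CPU_NAMES.get(cputype, f"unknown(0x{cputype:08x})")


def mach_o_architectures(data: bytes) -> list[str]:
    """Return the CPU architectures a Mach-O file (thin or fat) is built for."""
    if len(data) < 8:
        raise ValueError("file too short to be a Mach-O header")
    magic = struct.unpack(">I", data[:4])[0]

    if magic in (FAT_MAGIC, FAT_CIGAM):
        endian = ">" if magic == FAT_MAGIC else "<"
        nfat_arch = struct.unpack(endian + "I", data[4:8])[0]
        # Java class files share the 0xCAFEBABE magic; their next field is a
        # version number (45 and up), so an implausible slice count is a
        # heuristic sign that this is not a universal binary at all.
        if nfat_arch == 0 or nfat_arch > 30:
            raise ValueError("0xCAFEBABE with implausible arch count (Java class file?)")
        archs = []
        for i in range(nfat_arch):
            off = 8 + i * FAT_ARCH_SIZE
            if off + FAT_ARCH_SIZE > len(data):
                raise ValueError("truncated fat_arch table")
            cputype = struct.unpack(endian + "I", data[off:off + 4])[0]
            archs.append(_cpu_name(cputype))
        return archs

    if magic in (MH_MAGIC_64, MH_MAGIC):
        endian = ">"
    elif magic in (MH_CIGAM_64, MH_CIGAM):
        endian = "<"
    else:
        raise ValueError("not a Mach-O file")
    cputype = struct.unpack(endian + "I", data[4:8])[0]
    return [_cpu_name(cputype)]


def needs_rosetta(archs: list[str]) -> bool:
    """True when the file has an Intel 64-bit slice but no native arm64 slice."""
    return "x86_64" in archs and "arm64" not in archs


# Constructed sample headers (not real malware samples).
# Thin x86_64 mach_header_64, little-endian: magic, cputype, cpusubtype,
# filetype (MH_EXECUTE=2), ncmds, sizeofcmds, flags, reserved.
INTEL_ONLY_SAMPLE = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_X86_64, 3, 2, 0, 0, 0, 0)

# Universal binary: big-endian fat_header followed by two fat_arch entries.
UNIVERSAL_SAMPLE = (
    struct.pack(">II", FAT_MAGIC, 2)
    + struct.pack(">5I", CPU_TYPE_X86_64, 3, 4096, 100, 12)
    + struct.pack(">5I", CPU_TYPE_ARM64, 0, 8192, 100, 14)
)


def triage(path: str) -> dict:
    """Read a file from disk and summarise its architectures for an analyst."""
    with open(path, "rb") as fh:
        head = fh.read(8 + 30 * FAT_ARCH_SIZE)
    archs = mach_o_architectures(head)
    return {"path": path, "archs": archs, "rosetta_only": needs_rosetta(archs)}


if __name__ == "__main__":
    for label, sample in (("intel-only", INTEL_ONLY_SAMPLE), ("universal", UNIVERSAL_SAMPLE)):
        archs = mach_o_architectures(sample)
        print(f"{label}: {archs} needs Rosetta on Apple Silicon: {needs_rosetta(archs)}")
```

On a real system the same check is what `file` or `lipo -archs` reports; the point of writing it out is that the header is read without executing anything, which is the right order of operations for a file that arrived as an unsolicited disk image.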
Scrambled code to evade detection
To avoid triggering security alerts all the same, the hackers carefully scrambled the malware’s code using a widespread technique called code obfuscation. It consists of making software code difficult to understand and interpret in order to evade antivirus software. By scrambling the code, the hackers notably attempted to hide the software’s exfiltration functions.
This isn’t the only data-stealing malware spotted on macOS in recent months. Researchers have also raised the alarm about Atomic Stealer, another virus designed to steal data such as usernames, passwords and the private keys that give access to a cryptocurrency wallet.
Let’s also mention ShadowVault, another malware designed to steal data from a Mac. For SentinelOne, the appearance of a third Infostealer in a few months shows “the trend of targeting Mac users for their data continues to grow in popularity”. So don’t hesitate to install an antivirus on your Mac to avoid unpleasant surprises.