People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.
The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.
SentinelOne notes that the authors of MetaStealer appear to be targeting business owners who are running Apple’s macOS operating system, posing as potential clients in order to earn their trust and deceive them into installing the malware. That suggests a high level of determination and coordination on the part of MetaStealer’s creators.
For instance, SentinelOne cited one business owner who was tricked by someone masquerading as an interested client. “The man I’d been negotiating with on the job this past week sent me a password protected zip file containing this DMG file, which I thought was a bit odd,” they noted.
“Against my better judgment I mounted the image to my computer to see its contents,” they continued. “It contained an app that was disguised as a PDF, which I did not open and is when I realized he was a scammer.”
SentinelOne states that MetaStealer often disguises itself as a PDF file, despite actually being a DMG installer. Its file names have included “AnimatedPoster.dmg,” “AdobeOfficialBriefDescription.dmg,” and “Advertising terms of reference (MacOS presentation).dmg,” all in an attempt to appear legitimate.
Stealing your passwords
Once MetaStealer is running on a Mac, it tries to gather as much information as it possibly can. SentinelOne’s analysis identified code snippets for “exfiltrating the keychain, extracting saved passwords, and grabbing files.” A Mac’s keychain contains saved logins, credit card info, encryption keys, and other extremely sensitive data, so losing its contents could be catastrophic. Some samples also appear to target Telegram and Meta apps, giving MetaStealer its name.
MetaStealer is built using Intel x86_64 binaries, which means it is designed to run on Intel-based Macs. Apple started phasing these out in 2020 and replacing them with its own Apple silicon Macs. However, it bundled a translation app called Rosetta into macOS that lets users automatically run Intel apps on Apple silicon Macs. That means having a newer Apple-designed chip doesn’t necessarily protect your Mac from MetaStealer.
SentinelOne says 2023 has seen an “explosion of infostealers targeting the macOS platform,” and MetaStealer is just the latest in a long line of new malware strains aimed squarely at Apple’s customers. That means it’s more important than ever to keep your Mac secure, avoid downloading and running suspicious apps, and use an antivirus app to keep out digital nasties.
