Researchers have discovered a new macOS malware, “MetaStealer,” running active campaigns against Mac devices. The Go-based infostealer lures victims via social engineering, specifically infecting Intel-based Mac systems.
MetaStealer Actively Targeting Macs In Recent Malware Campaigns
In a recent report, the cybersecurity giant SentinelOne elaborated on a newly discovered macOS malware actively targeting Macs.
Identified as “MetaStealer,” the malware exhibits a distinct Go source code, with some overlaps and similarities with other existing Mac malware, such as Atomic Stealer. Besides, the researchers also noticed it using similar social engineering techniques to trick victims.
However, MetaStealer isn’t a derivative of any existing Mac malware; it’s a new malware constituting a separate malware family aimed at Mac devices. Moreover, it also demonstrates a different network architecture and delivery methods. Nonetheless, the researchers didn’t rule out the possibility of both malware belonging to the same threat actors.
Regarding the recent campaigns, the researchers observed the threat actors distributing MetaStealer via bundled applications. They typically aim at macOS business users by posing as fake clients and naming the malicious malware droppers with seemingly legitimate titles, such as “Official Brief Description” or “Contract for Payment & Confidentiality Agreement.” The attackers then deliver the payload to the victims via password-protected ZIP files containing the malware in the disk image format (DMG). In some cases, the malware also impersonated the Adobe Photoshop installer and other Adobe files.
The current MetaStealer variant appears highly targeted at Intel-based Mac systems, as the researchers observed single-architecture Intel x86_64 binaries in all samples. This malware cannot infect Apple M1 and M2 machines without using Rosetta. Nonetheless, the possibility of future variants targeting other Mac machines also persists.
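As a triage aid for the single-architecture observation above, this added example (not code from the SentinelOne report or from this article) reads the Mach-O or universal header of a file and lists the CPU slices it carries. The function names `macho_archs` and `is_x86_64_only` are hypothetical and the sample headers are constructed; an x86_64-only result is a sorting attribute, not a verdict, since plenty of legitimate software ships Intel-only.

```python
import struct

# CPU type values from Apple's <mach/machine.h>
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
# Thin Mach-O magics as they appear on disk, mapped to header byte order
THIN_MAGICS = {b"\xcf\xfa\xed\xfe": "<", b"\xce\xfa\xed\xfe": "<",
               b"\xfe\xed\xfa\xcf": ">", b"\xfe\xed\xfa\xce": ">"}
# Universal ("fat") magics mapped to the size of one fat_arch entry
FAT_ENTRY_SIZE = {b"\xca\xfe\xba\xbe": 20, b"\xca\xfe\xba\xbf": 32}


def macho_archs(data: bytes) -> list:
    """Return the architecture names in a Mach-O image, or [] if it is not one."""
    magic = data[:4]
    if magic in THIN_MAGICS and len(data) >= 8:
        (cputype,) = struct.unpack_from(THIN_MAGICS[magic] + "I", data, 4)
        return [CPU_NAMES.get(cputype, hex(cputype))]
    if magic in FAT_ENTRY_SIZE and len(data) >= 8:
        (count,) = struct.unpack_from(">I", data, 4)  # fat headers are big-endian
        step = FAT_ENTRY_SIZE[magic]
        # Java class files share 0xcafebabe; reject implausible slice counts
        if count == 0 or count > 16 or len(data) < 8 + count * step:
            return []
        archs = []
        for i in range(count):
            (cputype,) = struct.unpack_from(">I", data, 8 + i * step)
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    return []


def is_x86_64_only(data: bytes) -> bool:
    """True when the image carries a single Intel x86_64 slice and nothing else."""
    return macho_archs(data) == ["x86_64"]


# Constructed sample headers (not taken from any real sample)
THIN_X86_64 = b"\xcf\xfa\xed\xfe" + struct.pack("<I", 0x01000007) + bytes(24)
UNIVERSAL = (b"\xca\xfe\xba\xbe" + struct.pack(">I", 2)
             + struct.pack(">5I", 0x01000007, 3, 0x4000, 0x1000, 14)
             + struct.pack(">5I", 0x0100000C, 0, 0x8000, 0x1000, 14))
JAVA_CLASS = b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 52) + bytes(32)

if __name__ == "__main__":
    for name, blob in [("thin", THIN_X86_64), ("universal", UNIVERSAL), ("class", JAVA_CLASS)]:
        print(name, macho_archs(blob), is_x86_64_only(blob))
```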
The researchers observed that Apple’s XProtect update v2170 contains a detection signature for some MetaStealer versions. However, this detection isn’t as inclusive right now. Therefore, Mac users, particularly business users, must remain vigilant when interacting with attachments from anyone outside their trusted contacts.
Author: Abeerah Hashim
Date: 2023-09-17 14:49:09