Skip to main content
  1. Home
  2. Computing
  3. News

This Mac malware can steal your credit card data in seconds

Alex Blake
By

Despite their reputation for security, Macs can still get viruses, and that’s just been proven by a malicious new Mac malware that can steal your credit card info and send it back to the attacker, ready to be exploited. It’s a reminder to be careful when opening apps from unknown sources.

The malware, dubbed MacStealer, was discovered by Uptycs, a threat research firm. It hoovers up a wide array of your personal data, including the iCloud Keychain password database, credit card data, cryptocurrency wallet credentials, browser cookies, documents, and more. That means there’s a lot that could be at risk if it gains a foothold on your Mac.

A fake password prompt created by the MacStealer macOS malware.
A fake password prompt created by the MacStealer macOS malware. Uptycs

MacStealer begins its attacks using an installer file called weed.dmg. Opening this launches a fake password prompt that harvests your login credentials and uses them to access your sensitive information, which is then zipped up and sent to a server controlled by the hacker. Once that’s done, the stolen data is broadcasted to interested parties on a dedicated Telegram channel.

Related

Fortunately, even though MacStealer can extract your Mac’s iCloud Keychain database, it isn’t able to extract the passwords stored within. That’s because iCloud Keychain encrypts any data it stores. As the attackers note, without a user’s master password, getting at those passwords is “almost impossible.”

Recommended Videos

How to protect yourself

Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Right now, the malware’s developers are selling it for $100 per build, making it relatively affordable in the world of malware as a service. According to the developer, the low price is due to the malware lacking a user panel and any builder functionality, as well as its current beta status.

Unfortunately, it seems like the threat actor developing MacStealer has some more ideas that they are planning to incorporate into future versions. That includes a cryptocurrency wallet drainer, a user control panel, the ability for customers to generate new builds themselves, and more.

If you want to protect yourself from MacStealer (and other Mac malware), you should keep your Mac up to date with the latest patches from Apple and only allow the installation of apps from trusted sources (such as the official App Store). Installing an antivirus app would also be a good idea, as would using one of the best password managers to keep your sensitive data locked up and encrypted.

Editors' Recommendations

Topics
Alex Blake
Alex Blake
Computing Writer
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
The one thing the next version of macOS needs to address
The MacBook Pro open on a wooden table.

Every year we get a new version of macOS, and that usually comes with an assortment of tweaks and features. But with the massive uptick in interest in generative AI, 2023 isn't like any other year in the world of tech.

Apple hasn't commented on or announced anything in response to tools like ChatGPT or Midjourney, making it one of the few big tech companies that haven't dipped their toe in yet. But WWDC 2023 is just around the corner, and rather than focus on all the iterative features Apple likely has in the works, generative AI will feel like the elephant in the room if it isn't addressed in macOS 14.

Read more
This little-known feature is my favorite part of using a Mac and iPhone together
Person using iPhone and MacBook.

Apple’s ecosystem attracts plenty of praise for how all the company’s devices work seamlessly together -- and rightly so. But among all the admiring glances cast toward AirDrop, Continuity Camera and Sidecar, there’s another feature that feels a little unloved -- yet it’s a superb perk of using multiple Apple devices together.

That feature is Universal Clipboard, a handy little timesaver that shuns the spotlight and simply works diligently in the background. Yet that simple nature -- it just works, as the saying goes -- is part of what makes it so great to use.

Read more
MacGPT: how to use ChatGPT on your Mac
The MacGPT app for macOS Monterey and Ventura.

Apple might not officially be in the AI space, but a developer has created a legitimate way to bring ChatGPT to macOS and make the chatbot accessible from your menu bar.

The aptly named MacGPT is an application developed by Jordi Bruin that allows you to install ChatGPT as a remote browser on your Mac desktop. The application has been available since the 2022 holiday season and has garnered over 370 ratings, many of which are five stars. MacGPT is currently free, however, Bruin accepts donations. Once out of beta, he will make MacGPT available at the App Store, where it will sell for $5.

Read more