Detect malware stealing information from Mac users

# **Detected information-stealing malware from Mac users** ## Information-stealing malware called MacStealer has been detected, targeting Apple’s macOS operating system to steal sensitive information. According to *The Hacker News*, MacStealer is the latest example of hackers using Telegram as a command and control platform to steal data. This malware affects devices running macOS Catalina versions or later with M1 and M2 CPUs. According to the researchers, MacStealer is capable of stealing documents, cookies from the victim’s browser, and login information. This malware is advertised on hacker forums for 100 USD and is still in the process of being finalized. The authors of this malware plan to add features to collect data from Apple’s Safari browser and the Notes app. SentinelOne researcher Phil Stokes said that as Macs become more common in businesses, the data stored becomes even more important to attackers. Currently the MacStealer version is designed to extract data from iCloud Keychain, passwords and credit card information from browsers such as Google Chrome, Mozilla Firefox and Brave. It also features support for collecting Microsoft Office files, images, archives, and Python scripts. It is not clear how this maleware is distributed, some reports say the program is spread as a DMG file. When executed, MacStealer will open a fake password input box with a message to access system settings (System Settings). MacStealer is one of several information-stealing tools that have emerged in recent months. Before that was the HookSpoofer malware with the ability to record the keyboard (keylog) and transmit the stolen data to Telegram’s bot. This messaging platform is also exploited by a browser cookie-stealing malware called Ducktail. According to *The Hacker News*, Ducktail is likely developed by a Vietnamese hacker group. Given that it is unclear how the distribution of stolen information is spread through channels such as email attachments, mistaken installation of fake software, etc. To minimize threats, users should update their operating system. and security software, and avoid downloading files or clicking on links from unknown sources.