
This Mac malware can steal your credit card data in seconds

Despite their reputation for security, Macs can still get viruses, and a new piece of Mac malware has just proven it: it can steal your credit card info and send it back to the attacker, ready to be exploited. It’s a reminder to be careful when opening apps from unknown sources.

The malware, dubbed MacStealer, was discovered by Uptycs, a threat research firm. It hoovers up a wide array of your personal data, including the iCloud Keychain password database, credit card data, cryptocurrency wallet credentials, browser cookies, documents, and more. That means there’s a lot that could be at risk if it gains a foothold on your Mac.

A fake password prompt created by the MacStealer macOS malware. Uptycs

MacStealer begins its attacks using an installer file called weed.dmg. Opening this launches a fake password prompt that harvests your login credentials, which the malware then uses to access your sensitive information. That data is zipped up and sent to a server controlled by the hacker. Once that’s done, the stolen data is broadcast to interested parties on a dedicated Telegram channel.

Fortunately, even though MacStealer can extract your Mac’s iCloud Keychain database, it isn’t able to extract the passwords stored within. That’s because iCloud Keychain encrypts any data it stores. As the attackers note, without a user’s master password, getting at those passwords is “almost impossible.”

How to protect yourself

Apple's Craig Federighi speaking about macOS security at WWDC 2022.
Apple

Right now, the malware’s developers are selling it for $100 per build, making it relatively affordable in the world of malware as a service. According to the developer, the low price is due to the malware lacking a user panel and any builder functionality, as well as its current beta status.

Unfortunately, it seems like the threat actor developing MacStealer has some more ideas that they are planning to incorporate into future versions. That includes a cryptocurrency wallet drainer, a user control panel, the ability for customers to generate new builds themselves, and more.

If you want to protect yourself from MacStealer (and other Mac malware), you should keep your Mac up to date with the latest patches from Apple and only allow the installation of apps from trusted sources (such as the official App Store). Installing an antivirus app would also be a good idea, as would using one of the best password managers to keep your sensitive data locked up and encrypted.

Alex Blake