Skip to main content

This Mac malware can steal your credit card data in seconds

Despite their reputation for security, Macs can still get viruses, and that’s just been proven by a malicious new Mac malware that can steal your credit card info and send it back to the attacker, ready to be exploited. It’s a reminder to be careful when opening apps from unknown sources.

The malware, dubbed MacStealer, was discovered by Uptycs, a threat research firm. It hoovers up a wide array of your personal data, including the iCloud Keychain password database, credit card data, cryptocurrency wallet credentials, browser cookies, documents, and more. That means there’s a lot that could be at risk if it gains a foothold on your Mac.

A fake password prompt created by the MacStealer macOS malware.
A fake password prompt created by the MacStealer macOS malware. Uptycs

MacStealer begins its attacks using an installer file called weed.dmg. Opening this launches a fake password prompt that harvests your login credentials and uses them to access your sensitive information, which is then zipped up and sent to a server controlled by the hacker. Once that’s done, the stolen data is broadcasted to interested parties on a dedicated Telegram channel.

Fortunately, even though MacStealer can extract your Mac’s iCloud Keychain database, it isn’t able to extract the passwords stored within. That’s because iCloud Keychain encrypts any data it stores. As the attackers note, without a user’s master password, getting at those passwords is “almost impossible.”

How to protect yourself

Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Right now, the malware’s developers are selling it for $100 per build, making it relatively affordable in the world of malware as a service. According to the developer, the low price is due to the malware lacking a user panel and any builder functionality, as well as its current beta status.

Unfortunately, it seems like the threat actor developing MacStealer has some more ideas that they are planning to incorporate into future versions. That includes a cryptocurrency wallet drainer, a user control panel, the ability for customers to generate new builds themselves, and more.

If you want to protect yourself from MacStealer (and other Mac malware), you should keep your Mac up to date with the latest patches from Apple and only allow the installation of apps from trusted sources (such as the official App Store). Installing an antivirus app would also be a good idea, as would using one of the best password managers to keep your sensitive data locked up and encrypted.

Editors' Recommendations

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
How to take a screenshot on a Mac
The keyboard and trackpad of the MacBook Pro 14-inch.

For most new Mac users -- especially if they're coming from Windows -- one of the first questions they need to ask is how to take a screenshot on a Mac? There's no dedicated Print Screen key like there is on Windows, but there is keyboard shortcut, and if you want something more akin to Microsoft's Windows Snipping tool, there are some great screenshot apps you can use, too.

Here's how to take a screenshot on a Mac in a few different ways.
How to take a screenshot using keyboard shortcuts
MacOS keyboard shortcuts are the quickest ways to take screenshots, whether you're capturing the entire screen or just a portion. By default, Apple's methods save your screenshot to the desktop, but if you want to copy the screenshot to the clipboard, there's a keyboard shortcut you can use instead.
How to capture a selected area

Read more
I was wrong about using Stage Manager on Mac
Stage manager in macOS Ventura.

Stage Manager is one of those software features that has had a rather bumpy road since Apple launched it in 2022. The unique multitasking feature has landed itself in a heap of criticism over its short lifespan.

I, however, was not one of these critics. I was super excited by Stage Manager and the promise it contained. It was something new and shiny, here to shake up macOS in a fresh and different way. Even after using it myself, I foresaw it fundamentally changing the way I used my Mac.

Read more
Does your Mac really need antivirus software? We asked the experts
The MacBook Air on a white table.

There’s been a long-held belief that if you own a Mac, you don’t need to use any type of antivirus software to keep your machine free of malware and other destructive code. But it turns out this may actually be more of an old wive’s tale than even the most devoted MacOS users would like to admit. Indeed, Apple has built many safeguards into its operating system, but that doesn’t always mean you’re completely safe. 

We get it: Who would want to sign up for a free or paid version of another computer-adjacent thing? That being said, it never hurts to have too much protection for your Mac. This is a complex topic though, and we asked some Apple insiders to weigh in on the discourse.
Vulnerabilities in Apple’s systems
The belief that Macs are fairly resilient to malware isn’t just idle fanboy-ism. Windows PCs make up roughly 90% of the market, making them a much more attractive target to malware makers.

Read more