MetaStealer alert: the new and fearsome threat for macOS

Macs are now one of the main targets of cybercriminals.

Evidence of this trend is a new family of infostealer for macOS that is hitting business users hard. It is called MetaStealer, a malicious agent detected and analysed by SentinelOne, and it is usually hidden in documents or other similar malicious files.

According to Phil Stokes of SentinelOne, “Many of the MetaStealer samples we observed are distributed in bundles of malicious applications contained in disk image (.dmg) format with names that indicate the targets were corporate users of Mac devices”.

Stokes added that “This specific targeting of business users is somewhat unusual for macOS malware, which is most commonly found distributed via torrent sites or suspicious distributors of third-party software such as counterfeit versions of business, productivity, or other popular software”.

MetaStealer: An ever-evolving threat to businesses

The MetaStealer malware is specifically built for machines with Apple M1 and M2 processors, and its malicious code is cleverly obfuscated. Despite how well cybercriminals can hide the infostealer, researchers have managed to find some clues to the malware’s capabilities.

In particular, it was possible to establish that the malware is capable of stealing saved passwords and other sensitive data. Some variants of MetaStealer also contain built-in code to target specific apps such as Telegram and Facebook/Meta.

The malicious agent, first identified last March, appears to be constantly evolving and, despite Apple’s efforts (with updates to XProtect), the IT giant seems to be struggling to keep this campaign at bay.

This does not mean, however, that macOS is entirely at the mercy of cybercriminals. Stokes stated in this regard that “Although we saw some versions that carried an Apple Developer code signature embedded in the executable (Bourigaultn Nathan (U5F3ZXR58U)), none of the examples we observed attached a code signature or used an ad hoc signature. This means that to achieve execution, the threat actor would likely have to persuade the victim to ignore protections like Gatekeeper and OCSP”.

By staying alert and following Apple’s security guidelines, users can avoid the unpleasant effects of this malware.
