New Malware Targets macOS, Increasing Apple Security Immunity Concerns Against Cyber Threats
Cado Security has revealed that its researchers discovered a malware-as-a-service (MaaS) offering targeting macOS that steals credentials and cryptocurrency wallets from various stores, including game accounts.
The malware is delivered as an Apple disk image (dmg) bundled with Go (GoLang) binaries disguised as legitimate software, including CleanMyMac, Grand Theft Auto IV (there appears to be a typo for VI), and Adobe GenP.
The dmg, together with a command-line tool for running AppleScript and JavaScript, prompts users to open the software and enter their passwords. The malware then fingerprints the victim's system, gathering IP details, OS version, hardware, and installed software.
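The behaviour described above (a script runner spawned from a mounted disk image that pops a password-style dialog) is something a defender can look for in process-execution telemetry. The following is an added example written for this commentary, not code from Cado Security or from the research it summarises. It assumes a simplified record shape of `timestamp pid ppid parent_path command_line`, which is an assumption for illustration rather than any real log format, and the sample lines are constructed; the `/Volumes/` prefix (where macOS mounts a dmg) and the AppleScript `display dialog ... with hidden answer` password-prompt idiom are real macOS conventions.

```python
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# AppleScript idiom for a dialog that masks typed input, i.e. a password prompt.
PASSWORD_PROMPT = re.compile(r"display dialog.*hidden answer", re.IGNORECASE | re.DOTALL)
# The command-line runner for AppleScript and JavaScript for Automation on macOS.
SCRIPT_RUNNERS = {"osascript"}
# macOS mounts disk images under /Volumes/; a parent binary running from there
# means the process tree started inside a mounted dmg.
MOUNTED_IMAGE_PREFIX = "/Volumes/"

# Constructed sample records (hypothetical format: "ts pid ppid parent_path command_line").
SAMPLE_EVENTS = [
    # Script runner launched from an app inside a mounted dmg, asking for a hidden answer.
    "2024-08-22T08:17:01Z 4211 4180 /Volumes/Installer/Installer.app/Contents/MacOS/Installer "
    "/usr/bin/osascript -e 'display dialog \"macOS needs your password to continue\" "
    "default answer \"\" with hidden answer'",
    # Benign notification from an installed application: no finding expected.
    "2024-08-22T08:18:10Z 4320 4301 /Applications/Backup.app/Contents/MacOS/Backup "
    "/usr/bin/osascript -e 'display notification \"Backup finished\"'",
    # Password-style dialog from Terminal: suspicious on its own, but not from a dmg.
    "2024-08-22T08:19:45Z 4402 4390 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal "
    "/usr/bin/osascript -e 'display dialog \"Enter password\" default answer \"\" with hidden answer'",
    # Shell spawned from a dmg but not a script runner: outside this rule's scope.
    "2024-08-22T08:20:02Z 4510 4180 /Volumes/Installer/Installer.app/Contents/MacOS/Installer "
    "/bin/sh -c 'echo hello'",
]


@dataclass
class Finding:
    pid: int
    parent: str
    severity: str          # "high", "medium" or "low"
    reasons: List[str]


def parse_event(line: str) -> Dict[str, object]:
    """Split one constructed record into its fields (parent_path must not contain spaces)."""
    ts, pid, ppid, parent, cmdline = line.split(" ", 4)
    return {"ts": ts, "pid": int(pid), "ppid": int(ppid), "parent": parent, "cmdline": cmdline}


def assess(event: Dict[str, object]) -> Optional[Finding]:
    """Return a Finding if a script runner shows a password prompt and/or runs from a dmg."""
    argv = shlex.split(str(event["cmdline"]))
    if not argv or argv[0].rsplit("/", 1)[-1] not in SCRIPT_RUNNERS:
        return None
    reasons: List[str] = []
    # Inline script text (e.g. after -e) that asks for a masked answer.
    if PASSWORD_PROMPT.search(" ".join(argv[1:])):
        reasons.append("password-style dialog (display dialog ... with hidden answer)")
    parent = str(event["parent"])
    if parent.startswith(MOUNTED_IMAGE_PREFIX):
        reasons.append("spawned by a binary running from a mounted disk image: " + parent)
    if not reasons:
        return None
    severity = "high" if len(reasons) == 2 else ("medium" if "password-style" in reasons[0] else "low")
    return Finding(pid=int(event["pid"]), parent=parent, severity=severity, reasons=reasons)


def scan(lines: List[str]) -> List[Finding]:
    """Run the rule over a batch of records and keep only the hits."""
    return [f for f in (assess(parse_event(line)) for line in lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding.severity, finding.pid, finding.parent, "; ".join(finding.reasons))
```

The rule deliberately scores a hidden-answer dialog from a mounted image higher than either signal alone: administrators do occasionally script password dialogs from Terminal, but a freshly mounted installer that immediately asks for the login password via a script runner is the pattern described in the report.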
Cado found the malware for sale on two well-known malware marketplaces, which are used for communication, arbitration, and advertising of the stealer. The developers and affiliates operate as a team over Telegram, and the stealer is rented to individuals for $500/month.
The lead developer pays affiliates a percentage of the earnings from what their deployment of the stealer has taken; each affiliate is responsible for deploying the malware.
While macOS has long been regarded as a secure platform, malware targeting Mac users is a growing security concern, underscoring the need for guidance on protecting Apple users against cyber threats.
Tara Gould, Threat Researcher at Cado Security, explores how the MaaS operators carry out their activities, best practices for significantly reducing the risk of falling victim to Mac malware, and recommendations for ensuring systems remain secure.
You can read the research here.
This entry was posted on August 22, 2024 at 8:17 am and is filed under Commentary with tags Cado Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.