Older Intel-based Macs are currently being targeted by new Mac malware capable of stealing passwords, files and more from vulnerable Apple computers.
As reported by BleepingComputer, this new malware strain has been dubbed MetaStealer by the security researchers at SentinelOne who discovered it and have been tracking its progression for the past few months.
Besides targeting older Macs instead of the best MacBooks with Apple Silicon, this malware is particularly troubling as it can evade Apple’s built-in XProtect antivirus. It also shares some similarities with the Atomic Stealer malware but most of its code is different, as are the delivery methods hackers are using to distribute it.
MetaStealer is mainly being used to target business users running Intel-based Macs at the moment, but the hackers behind this campaign could widen their net to go after Macs running Apple Silicon.
Stealing passwords and files from vulnerable Macs
The MetaStealer malware is currently being distributed through phishing emails with a focus on work, with the hackers behind the campaign posing as clients or business partners according to a blog post from SentinelOne.
These messages contain disk image files that when downloaded and mounted on macOS, appear as PDFs, though they’re actually executables that use the “.app” file extension. These fake PDF files are an easy way to trick victims into opening them since they appear to be documents and not applications that will be installed on their Mac.
Once opened and installed though, these seemingly benign files install the MacStealer malware which then syphons off sensitive information including passwords, system files and app data from compromised Macs. The malware is also capable of stealing data from Apple’s Keychain password manager as well as Telegram and Facebook.
As Keychain is a system-level password manager, it also stores Wi-Fi network passwords, encryption keys, credit card info and private notes in addition to passwords for websites and applications. With all of these credentials in hand, hackers deploying the MetaStealer malware could launch all manner of attacks against users with vulnerable Macs.
There’s good news for the time being though as MetaStealer only runs on Intel-based Macs and not newer Apple computers using the company’s M1 and M2 chips. This could change though which is why this is certainly a Mac malware strain to keep an eye on going forward.
How to stay safe from Mac malware
Just like with Windows malware, you need to be extra careful when downloading and opening any attachments from unknown senders in your inbox. You should carefully inspect the file name and it’s worth sending a follow up email to the sender before you download any files in the original message or click on any links it contains.
At the same time, you want to be on the lookout for red flags that often appear in phishing emails like misspelt words and poor grammar. These are a clear giveaway that the email isn’t from a client and that a hacker or scammer sent it instead.
To protect your Mac from malware though, you should also consider using one of the best Mac antivirus software solutions. Sure, XProtect comes pre-installed on every Mac but just like with Windows Defender, it’s often a good idea to invest in paid antivirus software for extra protection. Likewise, you may want to use one of the best password managers instead of Apple’s Keychain to store your passwords and other sensitive information.
MetaStealer is a powerful new Mac malware but as of now, it only poses a threat to older Intel-based Macs. Still though, given its advanced capabilities, the cybercriminals behind it are likely already working on a way to port it to run on Apple Silicon.
More from Tom's Guide
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.