Researchers have found a new macOS malware, “MetaStealer,” being used in active campaigns against Mac devices. The Go-based infostealer lures victims via social engineering and, in the samples seen so far, natively infects only Intel-based Mac systems.
MetaStealer Actively Targeting Macs In Recent Malware Campaigns
In a recent report, the cybersecurity giant SentinelOne elaborated on a newly found macOS malware actively targeting Macs.
Identified as “MetaStealer,” the malware is written in Go and, although its source code is distinct, shows some overlaps with existing Mac malware such as Atomic Stealer. The researchers also noticed it using similar social engineering techniques to trick victims.
However, MetaStealer is not a spinoff of any existing Mac malware; it is a separate malware family aimed at Mac devices, with its own network infrastructure and delivery methods. Nonetheless, the researchers did not rule out the possibility that both families belong to the same threat actors.
In the recent campaigns, the researchers observed the threat actors distributing MetaStealer as bundled applications. They typically target macOS business users by posing as prospective clients and giving the malicious droppers plausible business names, such as “Official Brief Description” or “Contract for Payment & Confidentiality Agreement.” The payload is delivered in password-protected ZIP files containing a disk image (DMG), which in turn holds the malicious application bundle; password-protecting the archive is a common way to keep the payload away from email and gateway scanners. In some cases, the malware also impersonated an Adobe Photoshop installer and other Adobe files.
The current MetaStealer variant appears aimed at Intel-based Macs: every sample the researchers examined was a single-architecture Intel x86_64 binary rather than a universal (fat) binary. Such a binary cannot run on Apple silicon (M1 and M2) machines unless Rosetta 2 is installed. Nonetheless, future variants could add an arm64 slice and target those machines as well.
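The architecture observation above is something an analyst can reproduce on any suspect bundle by reading the Mach-O header. The following is an added triage example, not code from SentinelOne or from the article: it parses thin and fat (universal) Mach-O headers and flags a binary that carries only an x86_64 slice. The sample headers at the bottom are constructed inline so the script runs offline; the helper names and the 32-entry fat-header sanity limit are the author's own choices.

```python
import struct
import sys

# Mach-O magic numbers (mach-o/loader.h and mach-o/fat.h).
MH_MAGIC = 0xFEEDFACE        # 32-bit thin image
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit thin image
FAT_MAGIC = 0xCAFEBABE       # universal binary, 32-bit fat_arch entries
FAT_MAGIC_64 = 0xCAFEBABF    # universal binary, 64-bit fat_arch_64 entries

# cputype values; CPU_ARCH_ABI64 (0x01000000) marks the 64-bit variants.
CPU_NAMES = {
    0x00000007: "i386",
    0x01000007: "x86_64",
    0x0000000C: "arm",
    0x0100000C: "arm64",
}


def _thin_arch(data: bytes, offset: int = 0):
    """Return the architecture name of a thin Mach-O image, or None."""
    if len(data) < offset + 8:
        return None
    magic_le, = struct.unpack_from("<I", data, offset)
    magic_be, = struct.unpack_from(">I", data, offset)
    if magic_le in (MH_MAGIC, MH_MAGIC_64):
        order = "<"          # header fields are little-endian
    elif magic_be in (MH_MAGIC, MH_MAGIC_64):
        order = ">"          # byte-swapped header (rare today)
    else:
        return None
    cputype, = struct.unpack_from(order + "I", data, offset + 4)
    return CPU_NAMES.get(cputype, f"cputype_{cputype:#x}")


def macho_archs(data: bytes) -> list:
    """List the CPU architectures contained in a Mach-O file (thin or fat)."""
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack_from(">II", data, 0)   # fat headers are big-endian
    if magic in (FAT_MAGIC, FAT_MAGIC_64):
        # Java class files share the CAFEBABE magic; a real fat header has a
        # small slice count, so treat an implausible count as "not Mach-O"
        # (heuristic chosen for this example, mirroring what file(1) does).
        if nfat == 0 or nfat > 32:
            return []
        entry_fmt = ">IIQQII" if magic == FAT_MAGIC_64 else ">IIIII"
        entry_size = struct.calcsize(entry_fmt)
        archs = []
        for i in range(nfat):
            off = 8 + i * entry_size
            if off + entry_size > len(data):
                break                       # truncated fat header
            cputype = struct.unpack_from(entry_fmt, data, off)[0]
            archs.append(CPU_NAMES.get(cputype, f"cputype_{cputype:#x}"))
        return archs
    thin = _thin_arch(data)
    return [thin] if thin else []


def is_single_arch_x86_64(data: bytes) -> bool:
    """True if the image contains exactly one slice and it is x86_64."""
    return macho_archs(data) == ["x86_64"]


# --- constructed sample headers (not real malware) ------------------------

def build_thin_header(cputype: int) -> bytes:
    """Build a minimal mach_header_64: magic, cputype, cpusubtype, filetype,
    ncmds, sizeofcmds, flags, reserved (little-endian)."""
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 3, 2, 0, 0, 0, 0)


def build_fat(*cputypes: int) -> bytes:
    """Build a fat header plus one 32-bit fat_arch entry per cputype."""
    header = struct.pack(">II", FAT_MAGIC, len(cputypes))
    entries = b"".join(struct.pack(">IIIII", ct, 3, 0, 0, 0) for ct in cputypes)
    return header + entries


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: point it at Contents/MacOS/<binary> inside a mounted DMG.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                blob = fh.read()
            print(path, macho_archs(blob), "x86_64-only" if is_single_arch_x86_64(blob) else "")
    else:
        print("thin x86_64:", macho_archs(build_thin_header(0x01000007)))
        print("universal  :", macho_archs(build_fat(0x01000007, 0x0100000C)))
```

In practice you would mount the disk image with `hdiutil attach`, locate the main executable under the app bundle's Contents/MacOS directory, and pass it to the script; an x86_64-only result for a freshly distributed "business" app is a useful triage signal on its own, since legitimate vendors have shipped universal builds for years.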
The researchers noted that Apple’s XProtect update v2170 contains a detection signature for some MetaStealer versions, but it does not yet cover all known samples. (The installed XProtect version can be read from the CFBundleShortVersionString entry in /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist.) Mac users, particularly business users, should therefore remain vigilant when handling attachments from anyone outside their trusted contacts, and treat password-protected archives that unpack to a disk image from an unfamiliar sender as suspect.
Let us know your thoughts in the comments.