MacStealer: new macOS malware

Macs have a reputation for being secure, but they can still get viruses, and a new malicious Mac malware has proven that. This malware was named MacStealer and can steal your credit card info and send it back to the attacker, ready to be exploited.

MacStealer, a malicious software discovered by Uptycs, a respected threat research firm, is capable of surreptitiously harvesting a wide range of personal data from your Mac. This includes sensitive information such as your iCloud Keychain password database, credit card data, cryptocurrency wallet credentials, browser cookies, documents, and more. The potential ramifications of this breach are severe, as it puts a substantial amount of your private information in jeopardy if MacStealer gains access to your Mac system.

MacStealer Features

Fake password prompt

The MacStealer malware initiates its malicious activities through an installer file named weed.dmg. Upon opening the file, a deceptive password prompt is displayed, tricking users into entering their login credentials. These stolen credentials are then used by the hacker to gain unauthorized access to the victim’s sensitive information. The harvested data is compressed into a zip file and transmitted to a server under the hacker’s control. Finally, the stolen data is shared with interested parties through a dedicated Telegram channel.

The stealer exhibits the following capabilities:

  • Collect the passwords, cookies, and credit card data from Firefox, Google Chrome, and Brave browsers
  • Extract files (“.txt”, “.doc”, “.docx”, “.pdf”, “.xls”, “.xlsx”, “.ppt”, “.pptx”, “.jpg”, “.png”, “.csv”, “.bmp”, “.mp3”, “.zip”, “.rar”, “.py”, “.db”)
  • Extract KeyChain database (base64 encoded)


  • Keep your Mac systems up-to-date with the latest updates and patches
  • Only permit the installation of files from trusted sources that allow ‘App Store’ or ‘App store and identified developers.’

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *