While malware attacks on Windows and Android systems are more frequent, macOS is not immune to such dangers. Cybersecurity experts at Moonlock Lab have identified a new type of macOS malware that adeptly avoids detection and poses a serious threat to user data and cryptocurrency.
How the Malware Spreads
The infection starts when users visit websites that offer pirated software. On these sites, they might download a file called CleanMyMacCrack.dmg, thinking it’s a cracked version of the CleanMyMac utility. However, launching this DMG file triggers a Mach-O executable, which then downloads an AppleScript. This script is specifically designed to steal sensitive information from the infected Mac.
Malware Capabilities
Once the malware infiltrates a macOS system, it can carry out a range of malicious activities:
- It captures and stores the Mac user's username.
- The malware creates temporary directories in which it stages the stolen data before sending it out.
- It retrieves browsing history, cookies, saved passwords, and other data from different web browsers.
- The malware identifies and accesses directories containing cryptocurrency wallets.
- It copies data from the macOS keychain, Apple Notes, and Safari cookies.
- It gathers general user information, system specifications, and metadata.
- All the collected data is eventually exfiltrated to the attackers.
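As an added example that is not the article's or Moonlock Lab's code, the following Python heuristic flags the chain just described (a binary launched from a mounted DMG spawning osascript, which reads several kinds of sensitive data and then connects out) over constructed process-telemetry events; the event format, the path fragments and all sample values are assumptions.

```python
# Added example, not Moonlock Lab's code: a detection heuristic for the chain
# above (DMG-launched Mach-O -> osascript -> sensitive reads -> outbound
# connection). Event shape and path fragments are assumptions for illustration.
SENSITIVE = {  # path fragments for the data categories the malware collects
    "browser":  ("/Library/Application Support/Google/Chrome/", "/Library/Application Support/Firefox/"),
    "keychain": ("/Library/Keychains/",),
    "notes":    ("/Library/Group Containers/group.com.apple.notes/",),
    "cookies":  ("/Library/Cookies/",),
    "wallet":   ("/Library/Application Support/Exodus/", "/.electrum/"),
}

def categories_for(path):
    """Return the sensitive-data categories a file path falls into."""
    return {c for c, frags in SENSITIVE.items() if any(f in path for f in frags)}

def detect_chain(events, min_categories=2):
    """Return one finding per osascript process spawned from a mounted DMG (/Volumes/...)
    that read >= min_categories kinds of sensitive data and then connected out."""
    exec_path = {}   # pid -> executable path
    suspects = {}    # pid -> {"parent": path, "cats": set()}
    findings = []
    for ev in events:  # events are time-ordered exec / file_read / net dicts
        pid = ev["pid"]
        if ev["type"] == "exec":
            exec_path[pid] = ev["path"]
            parent = exec_path.get(ev["ppid"], "")
            if ev["path"].endswith("/osascript") and parent.startswith("/Volumes/"):
                suspects[pid] = {"parent": parent, "cats": set()}
        elif ev["type"] == "file_read" and pid in suspects:
            suspects[pid]["cats"] |= categories_for(ev["path"])
        elif ev["type"] == "net" and pid in suspects:
            if len(suspects[pid]["cats"]) >= min_categories:
                findings.append({"pid": pid, "parent": suspects[pid]["parent"],
                                 "categories": sorted(suspects[pid]["cats"]), "dest": ev["dest"]})
    return findings

# Constructed events (not real telemetry): one chain matching the page, then a
# benign osascript run from Terminal that touches only the keychain.
SAMPLE_EVENTS = [
    {"type": "exec", "pid": 100, "ppid": 1, "path": "/Volumes/CleanMyMacCrack/CleanMyMac"},
    {"type": "exec", "pid": 101, "ppid": 100, "path": "/usr/bin/osascript"},
    {"type": "file_read", "pid": 101, "path": "/Users/u/Library/Keychains/login.keychain-db"},
    {"type": "file_read", "pid": 101, "path": "/Users/u/Library/Cookies/Cookies.binarycookies"},
    {"type": "file_read", "pid": 101, "path": "/Users/u/Library/Application Support/Exodus/exodus.wallet"},
    {"type": "net", "pid": 101, "dest": "203.0.113.7:443"},
    {"type": "exec", "pid": 200, "ppid": 1, "path": "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"},
    {"type": "exec", "pid": 201, "ppid": 200, "path": "/usr/bin/osascript"},
    {"type": "file_read", "pid": 201, "path": "/Users/u/Library/Keychains/login.keychain-db"},
    {"type": "net", "pid": 201, "dest": "192.0.2.5:443"},
]
```

Running `detect_chain(SAMPLE_EVENTS)` yields a single finding for pid 101 (keychain, cookies and wallet reads followed by the outbound connection); the Terminal-launched osascript is ignored because its parent is not on a mounted DMG.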
Link to a Known Hacker
Moonlock Lab has traced this macOS malware back to a notorious Russian-speaking hacker known as Rodrigo4. This individual has been seen on the XSS underground forum, where he is actively seeking collaborators to help spread his malware through search engine optimization (SEO) manipulation and online advertisements.
Rodrigo4's method involves manipulating search engine results and placing ads to lure unsuspecting users into downloading the malicious software. By making the malware appear as a popular utility, he increases the chances of users downloading and installing it, unknowingly compromising their systems.
How to Protect Yourself
To prevent this malware from infecting your Mac, Moonlock Lab recommends several precautions:
1. Only download software from reputable and trusted sources.
2. Regularly update your operating system and all installed applications.
3. Use reliable security software to detect and block malware.
The crucial point is that users should be cautious about downloading software from unverified websites and avoid using pirated software, as these are common vectors for malware distribution. Staying informed about the latest cybersecurity threats and adopting good digital hygiene practices can also drastically reduce the risk of infection.