Password-stealing malware campaign targets macOS users
getty
Threat researchers have confirmed that a new scam targeting macOS users is actively being exploited by hackers to download malware that attempts to steal passwords from the keychain and through Chrome, Bravo, and Vivaldi web browsers. The campaign has been active for four months, using fake companies to distribute stealer malware disguised as a video meeting application. Here’s what you need to know.
The Mac Malware Threat To Your Passwords Exposed
In a new report published by Tara Gould, the threat research lead at Cado Security Labs, a new sophisticated scam targeting macOS users with AI-generated content has been identified. This scam tricks users into downloading a video call meeting application that is actually malware in disguise. “In order to appear as a legitimate company,” Gould said, “the threat actors created a website with AI-generated content, along with social media accounts.”
The threat analysis revealed that victims have been targeted in various ways, including through cloned contacts on Telegram and calls related to blockchain technologies and cryptocurrencies.
In a separate analysis by Joshua Long, chief security analyst at Mac security specialists Intego, users are warned that the same fake meeting software could potentially be used in other scam campaigns.
The malware attempts to steal sensitive data from the macOS Keychain and various Chromium-based browsers, including session cookies used for bypassing two-factor authentication protections.
The campaign claims to offer applications for macOS, Linux, and Windows but all download links lead to the macOS version. When the download file is opened, it prompts a macOS password entry.
Mitigating The Mac Malware Threat To Your Passwords
The use of AI in this campaign shows how threat actors can create realistic websites to trick users and make scam identification difficult. Users should be cautious when approached about business opportunities, especially through Telegram,” Gould said.
Intego VirusBarrier protects users from this malware by detecting samples from this campaign.
It’s important to stay informed and protected against phishing scams. For more information on combatting scams, read this guide.
