
This dangerous new Mac malware steals your credit card info

People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.

The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.

SentinelOne notes that the authors of MetaStealer appear to be targeting business owners who are running Apple’s macOS operating system, posing as potential clients in order to earn their trust and deceive them into installing the malware. That suggests a high level of determination and coordination on the part of MetaStealer’s creators.

For instance, SentinelOne cited one business owner who was tricked by someone masquerading as an interested client. “The man I’d been negotiating with on the job this past week sent me a password protected zip file containing this DMG file, which I thought was a bit odd,” they noted.

“Against my better judgment I mounted the image to my computer to see its contents,” they continued. “It contained an app that was disguised as a PDF, which I did not open and is when I realized he was a scammer.”

SentinelOne states that MetaStealer often disguises itself as a PDF file, despite actually being a DMG installer. Its file names have included “AnimatedPoster.dmg,” “AdobeOfficialBriefDescription.dmg,” and “Advertising terms of reference (MacOS presentation).dmg,” all in an attempt to appear legitimate.

Stealing your passwords

Once MetaStealer is running on a Mac, it tries to gather as much information as it possibly can. SentinelOne’s analysis identified code snippets for “exfiltrating the keychain, extracting saved passwords, and grabbing files.” A Mac’s keychain contains saved logins, credit card info, encryption keys, and other extremely sensitive data, so losing its contents could be catastrophic. Some samples also appear to target Telegram and Meta apps, giving MetaStealer its name.

MetaStealer is built using Intel x86_64 binaries, which means it is designed to run on Intel-based Macs. Apple started phasing these out in 2020 and replacing them with its own Apple silicon Macs. However, Apple bundled a translation app called Rosetta into macOS that lets users automatically run Intel apps on Apple silicon Macs. That means having a newer Apple-designed chip doesn’t necessarily protect your Mac from MetaStealer.
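As an added triage example (not code from SentinelOne or from the article), the Python sketch below lists every app bundle on an already-mounted disk image and reads the Mach-O headers of its executables, covering both points above: a "document" that is really an app, and a binary built only for Intel. The function names and sample headers are constructed for illustration, and an Intel-only result is a hint to look closer rather than a verdict, since legitimate older apps are Intel-only too.

```python
import struct
import sys
from pathlib import Path

MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64", 0x0100000C: "arm64"}

# Constructed sample headers (not taken from any real sample): a thin Intel-only
# Mach-O header and a universal header declaring x86_64 + arm64 slices.
SAMPLE_INTEL = struct.pack("<II", MH_MAGIC_64, 0x01000007) + bytes(24)
SAMPLE_UNIVERSAL = struct.pack(">II", FAT_MAGIC, 2) + b"".join(
    struct.pack(">5I", cpu, 0, 0, 0, 0) for cpu in (0x01000007, 0x0100000C))


def macho_archs(data: bytes) -> list:
    """Return the CPU architectures declared by a thin or universal Mach-O header."""
    if len(data) < 8:
        return []
    magic, count = struct.unpack(">II", data[:8])
    if magic == FAT_MAGIC:  # universal binary: big-endian table of 20-byte slices
        if count > 16 or len(data) < 8 + 20 * count:  # also rejects Java .class files
            return []
        cpus = [struct.unpack_from(">I", data, 8 + 20 * i)[0] for i in range(count)]
        return [CPU_NAMES.get(c, hex(c)) for c in cpus]
    for order in ("<", ">"):  # thin binary: header uses the target's byte order
        magic, cpu = struct.unpack(order + "II", data[:8])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [CPU_NAMES.get(cpu, hex(cpu))]
    return []


def triage_volume(mount_point: str) -> list:
    """Report every .app bundle under a mounted disk image and its executables' archs."""
    findings = []
    for app in sorted(Path(mount_point).rglob("*.app")):
        archs, macos_dir = set(), app / "Contents" / "MacOS"
        for exe in (macos_dir.iterdir() if macos_dir.is_dir() else []):
            if exe.is_file():
                with exe.open("rb") as fh:
                    archs.update(macho_archs(fh.read(4096)))
        findings.append({"bundle": app.name, "archs": sorted(archs),
                         "intel_only": archs == {"x86_64"}})
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for item in triage_volume(sys.argv[1]):  # e.g. a path under /Volumes
        print(item)
```

Any bundle this reports on an image that was supposed to contain only a document deserves scrutiny before anything is opened.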

SentinelOne says 2023 has seen an “explosion of infostealers targeting the macOS platform,” and MetaStealer is just the latest in a long line of new malware strains aimed squarely at Apple’s customers. That means it’s more important than ever to keep your Mac secure, avoid downloading and running suspicious apps, and use an antivirus app to keep out digital nasties.

Alex Blake
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…