Click to Skip Ad
Closing in...

Dangerous macOS malware steals browser data and cryptocurrency

Published Jun 5th, 2024 8:37PM EDT
2019 MacBook Pro with Touch Bar
Image: José Adorno for BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Our malware articles typically concern either Android or Windows, but Apple users occasionally have to deal with malicious software of their own. For instance, the Moonlock Lab cybersecurity team recently discovered a macOS malware strain that can easily evade detection.

As the researchers explain, the infection chain begins when a Mac user visits a site in search of pirated software. On the site, they might download a file titled CleanMyMacCrack.dmg, believing that the file is a cracked version of the Mac cleaning software, CleanMyMac. After launching that DMG file on their computer, a Mach-O file is executed, which downloads an AppleScript capable of stealing sensitive information from the Mac.

Here’s everything the malware can do once it infects a macOS computer:

  • Collects and stores the Mac owner’s username
  • Sets up temporary directories to store stolen data before exfiltration
  • Extracts browsing history, cookies, saved passwords, and more from browsers
  • Identifies and accesses common directories containing cryptocurrency wallets
  • Copies macOS keychain data, Apple Notes data, and cookies from Safari
  • Gathers general user information, system details, and metadata
  • Exfiltrates all the stolen data to threat actors

Moonlock claims that the macOS malware appears to be linked to well-known Russian-speaking threat actor Rodrigo4. The hacker was reportedly seen on the XSS underground forum recruiting other hackers to help distribute his stealer through SEO manipulation and ads.

If you want to avoid this macOS malware from infecting your computer, Moonlock recommends only downloading software from trusted sources, keeping your operating system and all of your apps updated, and using security software you trust.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.