Bad news for MacBook owners: they face an insidious enemy. Malware called “MetaStealer” is plaguing them with data theft. The hackers have designed the software to masquerade as legitimate app installers. These techniques are used to attack businesses and steal data from MacBooks.
MacBook users should be wary of the MetaStealer hackers!
Malware attacks on macOS continue to be a problem. But why are the attacks so damaging? Unfortunately, the attacks succeed because they get users to open executable files. The macOS information stealer behind these attacks is called “MetaStealer”. Researchers have figured out how this thieving software works and published a report detailing it. The report explains that the software works by tricking users into opening disk images.
Hackers continue to develop mind-boggling methods. The MetaStealer hackers targeted MacBooks.
Unfortunately, the MetaStealer operators are very professional about naming. The disk image file that holds the payload is often given a name that might be of interest to the targeted users.
The examples are endless, from presentation names to concept menus with dishes and English translations. They have gone even further: they forge the names of installers for Adobe products like Lucasprop and Photoshop.
In fact, getting an installation to run is becoming more and more difficult for hackers every day, in various ways. The disk image contains only minimal content beyond the payload, and the file also does not contain an Apple Developer ID string.
This creates extra obstacles: the attackers need to somehow convince the potential victim to override Gatekeeper and OCSP. The samples collected are all single-architecture Intel x86_64 binaries, so while they can run directly on Intel Macs, they need Rosetta to run on Apple Silicon Macs.
Users should be careful when opening suspicious files sent by others or downloaded from unofficial sources. Apple has already implemented some protective measures: part of the XProtect x2170 update is a detection signature that covers some versions of MetaStealer.
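As an added triage example (not code from the researchers' report or from Apple), the Python below reads a Mach-O header and reports the two traits described above: whether a binary is Intel x86_64 only and whether it carries a Developer ID string. The function names, the byte-string check for the Developer ID marker and the sample bytes are assumptions constructed for illustration.

```python
import struct

CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
LC_CODE_SIGNATURE = 0x1D
# Assumption: Developer ID certificates embed this common-name prefix as text.
DEV_ID_MARKER = b"Developer ID Application"

def parse_slice(data, off=0):
    """Parse one little-endian 64-bit Mach-O slice; return (arch, has_signature_cmd)."""
    magic, cpu, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, off)
    if magic != 0xFEEDFACF:
        raise ValueError("not a 64-bit Mach-O slice")
    pos, signed = off + 32, False
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, pos)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        signed |= cmd == LC_CODE_SIGNATURE
        pos += cmdsize
    return CPU_NAMES.get(cpu, hex(cpu)), signed

def triage(data):
    """Report architecture and signing facts for a thin or universal Mach-O image."""
    if data[:4] == b"\xca\xfe\xba\xbe":  # universal (fat) header, big-endian
        (nfat,) = struct.unpack_from(">I", data, 4)
        slices = []
        for i in range(nfat):
            _, _, off, _, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
            slices.append(parse_slice(data, off))
    else:
        slices = [parse_slice(data)]
    info = {
        "archs": [arch for arch, _ in slices],
        "has_code_signature": all(signed for _, signed in slices),
        "has_developer_id": DEV_ID_MARKER in data,
    }
    # Triage hint only: older legitimate Intel-only tools can match this too.
    info["intel_only_no_developer_id"] = (
        info["archs"] == ["x86_64"] and not info["has_developer_id"])
    return info

def sample_macho(cpu, signed, extra=b""):
    """Build a constructed, minimal Mach-O image (sample data, not a real binary)."""
    cmds = struct.pack("<4I", LC_CODE_SIGNATURE, 16, 0, 0) if signed else b""
    hdr = struct.pack("<8I", 0xFEEDFACF, cpu, 3, 2, int(signed), len(cmds), 0, 0)
    return hdr + cmds + extra

if __name__ == "__main__":
    print(triage(sample_macho(0x01000007, signed=False)))
```

On a Mac, pass the bytes of the executable found inside the mounted disk image rather than the disk image file itself.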