Apple users aren’t entirely immune to malware, and a new macOS threat proves it. Recently, Moonlock Lab’s cybersecurity team uncovered a malware strain that easily evades detection. This malware starts its infection chain when a user downloads a file named CleanMyMacCrack.dmg, thinking it’s a cracked version of a popular utility software CleanMyMac.
The infection begins when users download a file named CleanMyMacCrack.dmg from a dubious site. Once launched, it executes a Mach-O file that downloads an AppleScript, which then starts collecting data.
The malware targets various browsers, extracting browsing history, cookies, and saved passwords. It also identifies and accesses directories containing cryptocurrency wallets, potentially giving attackers access to users’ crypto assets.
Additionally, the script copies macOS keychain data and Apple Notes data, further compromising user security. The stolen data is then exfiltrated to a command-and-control server, where the threat actors have access to it.
The malware is linked to a Russian-speaking threat actor known as Rodrigo4, who has been active on underground forums. He recruits other hackers to distribute the stealer through SEO manipulation and ads.
To protect against this malware, users should only download software from trusted sources and keep their operating systems and apps updated. Using reputable security software is also highly recommended.