Downloading Questionable Apps Could Lead To A Malware Infection

A new Mac malware, called MacStealer, is able to extract iCloud passwords; files including .txt, .doc, .jpg, and .zip files; credit card details stored in browsers; and data from Keychain.

The malware can steal "passwords, cookies, and credit card data from Firefox, Google Chrome, and Microsoft Brave browsers." According to researchers, the developers of the malware are working to enable it to also steal passwords and cookies from Safari and information from the Notes app.

The malware gathers the data into a single .zip file, sends it to the cybercriminals, then deletes the file from the user's Mac.

So far, Apple does not seem to have blocked the malware. Apple has not commented on it, and recently released updates do not appear to include a patch for MacStealer.

Fortunately, Gatekeeper will block the malware on most Macs because it is not digitally signed. In addition, a user would have to manually install and run the app and then enter their Mac password, granting the app access to their system settings.

MacStealer appears to be distributed through an app called Weed that features a marijuana icon. Ben Lovejoy, "MacStealer malware grabs iCloud passwords, files, and credit card details," 9to5mac.com (Mar. 28, 2023).

Commentary and Checklist

To help prevent a malware infection, it is essential to only download known and trusted apps from the official app store for your device.

Never download an app in response to a pop-up or unsolicited text or e-mail. Do not download apps from third-party websites.

Always make sure that the app is the official app before downloading by checking the name, icon, developer, and other attributes. Also check reviews to confirm that it performs its stated task as expected without causing performance issues on the device, which could be a sign of malware.
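The signature check Gatekeeper performs, and the advice to check an app's developer, can also be done by hand in Terminal before an app is first opened. The script below is an added example and is not from the cited article; it wraps the macOS `spctl` tool, and the function names, verdict labels, and optional expected-developer argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: turn a Gatekeeper assessment into a one-line verdict.
# Expects the text printed by: spctl --assess --type execute -vv <App.app>
#   "<path>: accepted" or "<path>: rejected", then "source=..." and,
#   for Developer ID apps, "origin=...".
# $1 (optional): developer name you expect to see in the origin line.
# Prints VERDICT|source|origin. Anything not clearly accepted is REJECTED.
gatekeeper_verdict() (
  expected=${1:-}; status=; src=; origin=
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      source=*) src=${line#source=} ;;
      origin=*) origin=${line#origin=} ;;
      *": accepted") status=accepted ;;
      *": rejected") status=rejected ;;
    esac
  done
  if [ "$src" = "no usable signature" ]; then
    echo "UNSIGNED|$src|"            # the unsigned case the article describes
  elif [ "$status" != accepted ]; then
    echo "REJECTED|$src|$origin"
  else
    case $origin in
      *"$expected"*) echo "OK|$src|$origin" ;;
      *) echo "MISMATCH|$src|$origin" ;;   # signed, but not by who you expected
    esac
  fi
)

# Assess a downloaded app before first launch (macOS only; spctl writes to stderr).
check_app() {
  command -v spctl >/dev/null 2>&1 || { echo "spctl not found; run on macOS" >&2; return 2; }
  verdict=$(spctl --assess --type execute -vv "$1" 2>&1 | gatekeeper_verdict "${2:-}")
  echo "$1: $verdict"
  [ "${verdict%%|*}" = OK ]
}

# Usage: sh check_app.sh /path/to/Some.app ["Expected Developer"]
if [ "$#" -ge 1 ]; then check_app "$@"; fi
```

Any verdict other than OK means the app should not be opened until its source has been confirmed.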

In addition, do not grant apps more permissions than they need to perform their stated function. Never enter your Mac password to grant an app full control of your device.

Here are some additional malware prevention steps:

  • Respond quickly if you receive reports of spam coming from your account.
  • Install security software, including anti-virus and anti-spyware software, and pop-up blockers.
  • Maintain a firewall on all computers and devices.
  • Set your security software, Internet browser, and operating system to update automatically.
  • Back up your data regularly so that it is not lost if your computer becomes infected and crashes.
  • Set your browser's security setting to detect unauthorized downloads.
  • Do not select links or open any attachments in emails unless you are familiar with the link or attachment.
  • Only download and install software from trusted websites.
  • Avoid downloading free online software.
  • Never select any links in a pop-up window.
  • Never download software in response to an unexpected pop-up, especially if it claims to have detected malware on your computer.
  • Remember that most legitimate organizations will never ask for personal or account information through email.
  • Never respond to spam.
  • Never reveal personal or financial information in response to an email request.
  • Use common sense. If an offer sounds too good to be true, it probably is.
  • Confirm requests for information by contacting the sender by phone, using the number on an invoice or legitimate email.
  • Tell others who use your devices, including your children, about how to avoid malware.
  • If you suspect your device has malware, immediately disconnect from the Internet, and keep your device disconnected until the malware is removed.