Info Stealer

MacStealer

First seen: 2023 • Status: active

Currently Active Threat

MacStealer breaks into your Mac's iCloud Keychain to steal passwords and cryptocurrency wallet secrets.

Overview

MacStealer is an information stealer targeting macOS users. It harvests iCloud Keychain data, browser credentials, and cryptocurrency wallet information.

Also Known As

Mac Stealer

How It Spreads

  • Phishing
  • Fake DMG files
  • Malvertising

What It Does

  • iCloud Keychain theft
  • Browser credential extraction
  • Crypto wallet theft
  • Discord token theft

Target Platforms

macOS

Detection Tips

  • Monitor for MacStealer DMG files
  • Check for unexpected Keychain access
  • Analyze network traffic for exfiltration via Telegram
  • Review access to crypto wallet data

MITRE ATT&CK Techniques

T1555, T1539, T1528, T1005

If You're Infected

  1. Remove MacStealer
  2. Reset iCloud password
  3. Change all saved passwords
  4. Secure cryptocurrency wallets

Related Malware

Atomic Stealer, Poseidon, Banshee
