Hackers are reusing dangerous information-stealing malware to target Mac users and extract passwords and other sensitive personal information from their computers.
As reported by The Hacker News, we are actually dealing with two Mac malware strains here, but while their infection methods are different, they are both designed to steal sensitive data from the best MacBooks and other Apple computers.
While the first infostealer is distributed using malicious ads in Google and other search engines, the other directs potential victims to a fake website using free software as bait.
Here’s everything you need to know about these new malware campaigns, along with some tips and tricks on how you can avoid getting your Mac infected with malware.
Bad ads that serve malware
Although Safari comes pre-installed on every macOS computer, some Apple users prefer Google Chrome while others are interested in testing new browsers with different features.
Although it is based on Chromium like many other browsers, Arc browser does things a little differently thanks to a unique sidebar and bookmarks approach. Since its release in 2022, Arc Browser has become a popular alternative to Safari for many Mac users.
The hackers behind this malware campaign are well aware of this fact, and in order to capitalize on its popularity, they have purchased advertising space on Google and other search engines to run ads that claim to promote Arc Browser. However, instead of taking you to the browser’s official site (https://arc.net/), these fake ads take unsuspecting users to lookalike sites like “airci[.]net” that serve malware.
In an effort to avoid detection, these lookalike sites cannot be accessed directly. Instead, they can only be accessed “via a sponsored link generated”, according to a new report from Jamf Threat Labs, which first identified this campaign.
If a Mac user clicks on one of these ads and then proceeds to download what they think is Arc Browser, installing the included file (“ArcSetup.dmg”) actually puts the Atomic Stealer malware onto their Mac. The malware then uses a fake prompt to trick victims into entering their system password, which gives the hackers behind this campaign access to all the sensitive data stored on their Mac.
Rogue software steals credentials
In addition to the one described above, Jamf’s security researchers also discovered a similar campaign being used to distribute the Realst info-stealer malware.
This campaign uses a fake website called meethub[.]gg which claims to offer free group meeting scheduling software. However, when Mac users download and install it, they instead infect their computers with the Realst malware.
Just like Atomic Stealer, Realst also uses a fake prompt to trick victims into entering their system passwords. However, from here the malware uses an AppleScript call to perform its malicious activities on the infected Mac.
While this campaign uses freeware as bait, others who spread the Realst info-stealer have in the past used job opportunities or podcast interviews to trick unsuspecting users into installing malware on their computers. What sets Realst apart from other types of Mac malware we’ve seen in the past is that it can bypass macOS Gatekeeper, a security feature that, as the name suggests, checks downloaded apps to make sure they’re free of malware before they can be installed on your Mac.
As Jamf points out in its report, many of these attacks “are often focused on those in the crypto industry” as this can lead to higher payouts for the hackers behind them. However, since fake ads and fake software are routinely used to distribute these infostealers, there is always a chance that ordinary users can fall for them as well.
How to protect yourself from Mac malware
When it comes to protecting you and your Mac from malware, you need to be more vigilant online, as both of these campaigns could have been easily avoided by taking a few precautions.
When searching for new software on Google and other search engines, it is highly recommended that you scroll down to the actual developer’s website rather than clicking on the first result. The reason for this is that Google now shows ads at the top before you get to the actual search results below them. Anyone (including hackers and other cybercriminals) can buy advertising space online, and if you click on one of these fake ads, it can take you to a phishing site designed to steal your credentials or even to a malicious site that distributes malware.
In addition to fake ads, hackers often build elaborate websites that promote fake software that may appear legitimate at first glance. This is why I recommend sticking to software from well-known and reputable brands. Free software may seem appealing, but you’ll end up paying a lot more in the long run if your Mac is infected with malware or, worse, you end up having your identity stolen. Paid software is usually the safer route, but there are plenty of legitimate free apps and programs out there. You just need to do your research first and make sure you are on the actual company website when you download and install them.
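To make the "check that you are on the actual company website" step concrete, here is an added example (not from Jamf's report or the original article) that classifies a download link against an allowlist and flags near-miss hostnames such as the “airci[.]net” lookalike mentioned above. The allowlist contents and the edit-distance threshold of 2 are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Hosts you already trust for downloads. arc.net is the official site named
# in the article; the allowlist itself is an assumption of this example.
OFFICIAL_HOSTS = {"arc.net"}
MAX_DISTANCE = 2  # assumed threshold: this many edits or fewer is "lookalike"


def refang(text):
    """Undo threat-report defanging such as airci[.]net or hxxps://."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def host_of(url):
    """Lower-cased hostname of a URL or bare domain, without leading www."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]


def classify(url):
    """Return 'official', 'lookalike' or 'unknown' for a download link."""
    host = host_of(url)
    for official in OFFICIAL_HOSTS:
        if host == official or host.endswith("." + official):
            return "official"
    for official in OFFICIAL_HOSTS:
        # Official name used as a prefix of someone else's domain.
        if host.startswith(official + "."):
            return "lookalike"
        if edit_distance(host, official) <= MAX_DISTANCE:
            return "lookalike"
    return "unknown"  # not on the allowlist; says nothing about safety


if __name__ == "__main__":
    for link in ("https://arc.net/", "airci[.]net", "meethub[.]gg"):
        print(link, "->", classify(link))
```

A result of "unknown" only means the host is not on the allowlist, so a site such as meethub[.]gg still needs the research step described above.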
While macOS has its own built-in malware scanner called XProtect, for added protection you should also consider using one of the best Mac antivirus software suites. Not only are their malware scanning mechanisms updated more regularly, but many of them add extra security features such as a VPN or a password manager.
There’s a lot of money to be made from infecting Macs with malware, which is why the hackers behind these and other similar campaigns aren’t likely to slow down anytime soon. Although owning a Mac used to mean dealing with fewer viruses than you would on one of the best Windows laptops, that’s simply not the case anymore. This means that Mac owners now have to be extra careful online, and this is especially true when it comes to downloading and installing new software.