Cybersecurity researchers at Cado Security have identified a new malware-as-a-service (MaaS) targeting macOS users and cryptocurrency holders.
Once the user mounts the DMG file, they are asked to launch the software.
After entering the initial password, a second prompt requests the user's MetaMask password.

It then creates a directory in /Users/Shared/NW to store stolen credentials in text files.
The malware is also designed to dump iCloud Keychain passwords in Keychain.txt using an open-source tool called Chainbreak.
This led to a permanent ban from the marketplace where the malware was promoted.

Although macOS has long been considered a secure system, malware targeting Mac users remains an increasing security concern.

