Intel-based Macs under attack from new MetaStealer malware — how to stay safe

 MacBook Pro 13-inch 2018
MacBook Pro 13-inch 2018

Older Intel-based Macs are currently being targeted by new Mac malware capable of stealing passwords, files and more from vulnerable Apple computers.

As reported by BleepingComputer, this new malware strain has been dubbed MetaStealer by the security researchers at SentinelOne who discovered it and have been tracking its progression for the past few months.

Besides targeting older Macs instead of the best MacBooks with Apple Silicon, this malware is particularly troubling as it can evade Apple’s built-in XProtect antivirus. It also shares some similarities with the Atomic Stealer malware but most of its code is different, as are the delivery methods hackers are using to distribute it.

MetaStealer is mainly being used to target business users running Intel-based Macs at the moment, but the hackers behind this campaign could widen their net to go after Macs running Apple Silicon.

Stealing passwords and files from vulnerable Macs

The MetaStealer malware is currently being distributed through phishing emails with a focus on work, with the hackers behind the campaign posing as clients or business partners according to a blog post from SentinelOne.

These messages contain disk image files that when downloaded and mounted on macOS, appear as PDFs, though they’re actually executables that use the “.app” file extension. These fake PDF files are an easy way to trick victims into opening them since they appear to be documents and not applications that will be installed on their Mac.

Once opened and installed though, these seemingly benign files install the MacStealer malware which then syphons off sensitive information including passwords, system files and app data from compromised Macs. The malware is also capable of stealing data from Apple’s Keychain password manager as well as Telegram and Facebook.

As Keychain is a system-level password manager, it also stores Wi-Fi network passwords, encryption keys, credit card info and private notes in addition to passwords for websites and applications. With all of these credentials in hand, hackers deploying the MetaStealer malware could launch all manner of attacks against users with vulnerable Macs.

There’s good news for the time being though as MetaStealer only runs on Intel-based Macs and not newer Apple computers using the company’s M1 and M2 chips. This could change though which is why this is certainly a Mac malware strain to keep an eye on going forward.

How to stay safe from Mac malware

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.
A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

Just like with Windows malware, you need to be extra careful when downloading and opening any attachments from unknown senders in your inbox. You should carefully inspect the file name and it’s worth sending a follow up email to the sender before you download any files in the original message or click on any links it contains.

At the same time, you want to be on the lookout for red flags that often appear in phishing emails like misspelt words and poor grammar. These are a clear giveaway that the email isn’t from a client and that a hacker or scammer sent it instead.

To protect your Mac from malware though, you should also consider using one of the best Mac antivirus software solutions. Sure, XProtect comes pre-installed on every Mac but just like with Windows Defender, it’s often a good idea to invest in paid antivirus software for extra protection. Likewise, you may want to use one of the best password managers instead of Apple’s Keychain to store your passwords and other sensitive information.

MetaStealer is a powerful new Mac malware but as of now, it only poses a threat to older Intel-based Macs. Still though, given its advanced capabilities, the cybercriminals behind it are likely already working on a way to port it to run on Apple Silicon.

More from Tom's Guide