This malware poses as a version of GTA VI for macOS

MacPaw security researchers have found significant malware that disguises itself as GTA VI.

Don’t be fooled by questionable installers; GTA VI hasn’t been officially released yet

Security researchers at Moonlock, the cybersecurity division of the MacPaw brand, discovered through sample analysis a sophisticated attack that relies on disguise: the malware poses as nothing more and nothing less than GTA 6, the video game that will be popular the moment it is released. The malware aims to install itself and extract confidential information, directly targeting the passwords stored in the macOS keychain.

How does the newly discovered malware for macOS work?

It is a typical piece of password-stealing software: it collects logins and passwords from the infected computer and sends them to the attacker via a remote connection or email. Besides acting like an exact copy of GTA 6, it has another disguise that can be more convincing than you think: it impersonates a cloned version of Notion.

Malware teaches how to bypass Gatekeeper

As users, we have the authority to allow the installation of certain applications, even though Apple tells us via Gatekeeper that unsigned applications coming from the internet cannot simply be downloaded and installed because of the risk of malware. Allowing one can be as simple as clicking and opening; in the latest versions of macOS, such as Sonoma, you now have to go into the Privacy and security section to grant that access.

Once it has access to our computer, the DMG file drops another file called AppleApp. According to Moonlock, AppleApp initiates a request to a specific URL from a Russian IP. Once the connection is established, resources that do not pass through the file system begin to be downloaded. Finally, the user is tricked into trying to install a utility application that is completely fake, and provides their user credentials and password.

An example of how a default helper application requests access for installation

The malware searches system directories for valuable data such as cookies, form history, and login credentials of popular web browsers. It also searches the macOS Keychain database and determines whether the user has a cryptocurrency wallet.

How can we protect ourselves as macOS users?

The good news is that not all malware is aimed at everyone. According to 9to5Mac, only 6% of this malware is aimed at macOS users. As for recent threats, this whole malware ring is aimed at macOS. A security vulnerability has also recently emerged that completely compromises the Apple silicon architecture.

Security Vulnerabilities in Apple

Apple pays good money to find vulnerabilities in its system

Now that you’ve read about how this new type of malware works, remember that you should research the background of any app before installing it from outside the official Mac App Store. Do not bypass Gatekeeper; on the contrary, remember that it is an invaluable protection that reminds us that any action taken outside Apple’s secure environment is dangerous. And most importantly, remember that your devices and applications must be kept updated to prevent vulnerabilities or threats in the future.

Source: iPadizate
