Sophisticated malware targeting Apple’s macOS, known as “mac.c Stealer,” is allegedly being sold on the dark web. The sale includes the complete source code for the stealer, its command-and-control panel, and the builder, for a starting price of $35,000. This development poses a significant threat to macOS users, as the availability of the source code could lead to the proliferation of new, customized variants of the malware, making it harder to detect and defend against. The seller claims the project is a ready-made business, complete with a small, existing customer base.
The “mac.c Stealer” is a potent information-stealing malware designed to compromise systems running on both Intel (x86_64) and Apple Silicon (ARM) architectures. Its capabilities are extensive and focus on exfiltrating a wide range of sensitive data from infected machines. The malware allegedly has the ability to collect:
- Passwords, cookies, history, and autofill data from Chromium-based browsers.
- Credentials from desktop cryptocurrency wallets and browser-based crypto extensions.
- Information from the macOS keychain.
- Telegram messenger sessions.
- Files from the desktop and documents folders.
- Google Chrome authentication tokens.
The sale of such a feature-rich stealer as a “ready-to-go” package is alarming for the cybersecurity community. It lowers the barrier to entry for less-skilled malicious actors to launch effective cyberattacks against macOS users. The incident underscores the growing trend of malware-as-a-service (MaaS) and highlights the continuous need for robust security measures, even on platforms traditionally considered more secure.