A new malware targeting macOS users is causing significant concern in cybersecurity circles. Dubbed Mac.c, it has appeared on dark web forums as a direct challenger to the well-known AMOS. Recent findings from Moonlock Lab highlight how this latest threat, marketed as an infostealer-as-a-service, threatens to expand its reach across Apple devices.
Mac.c: A Cost-Effective Competitor to AMOS
The notorious AMOS remains a leading malware option, priced at a whopping $3,000 per month. In contrast, Mac.c is strikingly more affordable, at just $1,500 monthly. Although it lacks some of the advanced functions offered by AMOS, Mac.c compensates for this with efficiency. By keeping its file size minimal and capitalizing on macOS native tools such as AppleScript, it reduces the chance of detection by security systems.
Security analysts have flagged various sample filenames, including Installer.dmg and deceptive variants masquerading as software cracks, like “Installer descrakeador adobe.dmg”. Once it infiltrates a system, Mac.c collects data in several stages, camouflaging its operations within legitimate macOS processes to evade detection. Moonlock Lab notes that it can avoid detection by XProtect through unique build generation, which ensures each compiled iteration has distinct signatures.
This malware has a keen focus on gathering:
- iCloud Keychain data
- Browser credentials and session artifacts from Google Chrome, Edge, Brave, and Yandex
- Crypto wallet information from applications like Ledger Live, MetaMask, Phantom, and Exodus
- System metadata along with targeted file downloads
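The target list above maps onto a small set of on-disk stores, which gives defenders a file-access watchlist. The following is an added example, not code from Moonlock Lab or the original article: it flags file-open events in which a process other than a store's usual owner touches one of those locations, and raises severity when the process is `osascript` or runs from a mounted disk image. The event format, sample user, sample events, and owner-name prefixes are assumptions constructed for illustration.

```python
import posixpath

HOME = "/Users/alice"  # constructed sample user
APP = HOME + "/Library/Application Support/"

# Default macOS locations of the stores named above -> process-name prefixes
# expected to open them (assumed; tune per fleet). MetaMask and Phantom are
# browser extensions, so their data sits inside the browser profile directories.
WATCHLIST = {
    HOME + "/Library/Keychains/": ("securityd", "secd"),
    APP + "Google/Chrome/": ("Google Chrome",),
    APP + "Microsoft Edge/": ("Microsoft Edge",),
    APP + "BraveSoftware/Brave-Browser/": ("Brave Browser",),
    APP + "Yandex/YandexBrowser/": ("Yandex",),
    APP + "Ledger Live/": ("Ledger Live",),
    APP + "Exodus/": ("Exodus",),
}

# Constructed sample events, one per line: pid|executable|file opened
SAMPLE_EVENTS = """\
412|/Applications/Google Chrome.app/Contents/MacOS/Google Chrome|/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data
977|/usr/bin/osascript|/Users/alice/Library/Keychains/login.keychain-db
981|/Volumes/Installer/Installer.app/Contents/MacOS/Installer|/Users/alice/Library/Application Support/Exodus/exodus.wallet/storage.seco
990|/usr/bin/python3|/Users/alice/Library/Application Support/BraveSoftware/Brave-Browser/Default/Cookies
1001|/usr/bin/osascript|/Users/alice/Documents/notes.txt
"""

def classify(exe, path):
    """Return None for expected access, else 'medium' or 'high'."""
    path = posixpath.normpath(path) + "/"   # collapse ../ before matching
    name = posixpath.basename(exe)
    risky = name == "osascript" or exe.startswith("/Volumes/")
    for prefix, owners in WATCHLIST.items():
        if not path.startswith(prefix):
            continue
        if name.startswith(owners) and not risky:
            return None                     # the store's own application
        return "high" if risky else "medium"
    return None                             # path is not on the watchlist

def scan(log_text):
    alerts = []
    for line in log_text.splitlines():
        pid, exe, path = line.split("|", 2)
        sev = classify(exe, path)
        if sev:
            alerts.append((int(pid), sev, posixpath.basename(exe)))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Matching on process name alone is weak, which is why a binary named like a browser but launched from `/Volumes/` is still flagged; in production the owner check should use code-signing identity rather than a name prefix.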
Operators of Mac.c can manage infections through an administrative panel where they can track progress, generate builds, and configure various campaigns. This panel comes with optional modules such as a remote file grabber and a unique offering for phishing Trezor wallet seeds, available for an additional $1,000.
Unusual Transparency in Dark Web Development
One notable aspect of Mac.c is the public development approach taken by its creator, operating under the alias “mentalpositive”. Unlike the typical secretive nature of the cybercriminal world, this developer has chosen to openly document code revisions and feature enhancements over several months on darknet forums. Moonlock Lab views this transparency as a potential marketing strategy aimed at establishing credibility within the malware-as-a-service landscape.
While Mac.c may not outshine AMOS in terms of features, its lower cost has attracted the attention of lower-tier cybercriminals and trafficker groups. These individuals are utilizing phishing, malvertising, and cracked software methods to distribute the malware more widely.
Protecting Your macOS Against Mac.c
Cybersecurity experts emphasize the importance of vigilance for Apple users. Downloading only from the App Store or reliable sources and steering clear of suspicious email links and pop-ups are vital steps. Keeping macOS updated is crucial for defense against such threats.
Additionally, security software such as CleanMyMac has flagged Mac.c samples early, preventing potential breaches in some environments. Moonlock Lab stresses that with crypto theft being Mac.c’s primary objective, users managing digital assets are at heightened risk. As this malware continues its evolution, it’s poised to make a significant impact on the macOS security landscape, suggesting a shifting power dynamic within the underground infostealer market.


