CleanMyMac Cleaning App Interface – CLEANMYMAC
June 6 (Portaltic/EP) –
Researchers have discovered malware targeting macOS devices that is included in a fraudulent app posing as CleanMyMac to access the system and steal sensitive data, such as those stored in the browser and those related to cryptocurrency wallets.
CleanMyMac is a cleaning tool focused on eliminating unnecessary files, old caches or interrupted downloads, as well as unused files from services such as email or the Photos application.
Researchers at MoonLock Lab have discovered a ‘malware’ sample that evaded VirusTotal’s detection systems and that targets macOS computers, as reported on their blog.
It is a malicious payload distributed through the illegitimate CleanMyMacCrack application, which users install on their computers believing it to be CleanMyMac, and the infection chain begins when this application is downloaded.
The next stage starts with the execution of a Mach-O binary, which downloads an AppleScript capable of obtaining confidential information from the computer and executes it using a system command.
This malicious software can collect user information such as the user name, browser data from Chrome, Brave, Vivaldi, Opera or Edge, and information from cryptocurrency wallets.
MoonLock has indicated that the wallets targeted by the cybercriminals include Atomic Wallet, Coinomi, Electrum, Exodus, TonKeeper, Binance, Dogecoin Core, Guarda Wallet, Dash Core and Electrum-LTC.
The malicious script also collects data from the macOS Keychain, the native application that stores passwords and user account information. Likewise, it takes data from the Apple Notes app and steals cookies from Safari.
The researchers have also stated that this ‘malware’ is linked to a threat actor known as Rodrigo4 and that it employs advanced evasion methods, so it represents a danger for macOS users.
For this reason, they recommend being careful when downloading applications from untrustworthy sources, keeping the computer’s software updated with the corresponding security patches, and using antimalware programs.
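From a defender's side, the chain described above (a binary inside a cracked installer bundle launching an AppleScript interpreter, which then reads browser, wallet, Keychain and Notes data) is something endpoint telemetry can correlate. The following is an added example, not code from the article or from MoonLock Lab: it runs simple detection logic over constructed process and file-access events. The event schema, the directory fragments used to recognise each data store, and the assumption that the AppleScript is run through `osascript` are all illustrative assumptions to be adapted to a real EDR's data.

```python
# Added example (not from the article or MoonLock Lab): correlate endpoint
# telemetry into the infection chain the article describes. The event
# format, paths and process names below are constructed assumptions.
from dataclasses import dataclass
from collections import defaultdict

# Data stores named in the article; the directory fragments are assumptions.
SENSITIVE_MARKERS = {
    "browser": ("Google/Chrome", "BraveSoftware", "Vivaldi",
                "com.operasoftware", "Microsoft Edge"),
    "wallet": ("atomic", "Coinomi", "Electrum", "Exodus", "TonKeeper",
               "Binance", "DogecoinCore", "Guarda", "DashCore", "Electrum-LTC"),
    "keychain": ("Library/Keychains",),
    "notes": ("group.com.apple.notes",),
    "safari_cookies": ("Cookies.binarycookies",),
}
SCRIPT_INTERPRETER = "osascript"  # assumption: the AppleScript runs via osascript


@dataclass
class Event:
    ts: int          # seconds since some epoch
    kind: str        # "exec" or "file_read"
    pid: int
    ppid: int
    image: str       # executable path of the process
    target: str = ""  # file path for file_read events


def classify(path):
    """Map a file path to the category of sensitive data it belongs to, or None."""
    for category, needles in SENSITIVE_MARKERS.items():
        if any(n.lower() in path.lower() for n in needles):
            return category
    return None


def find_chains(events, window=120):
    """One finding per AppleScript interpreter process that was spawned by a
    binary living inside an app bundle and read two or more categories of
    sensitive data within `window` seconds of starting."""
    by_pid = {e.pid: e for e in events if e.kind == "exec"}
    reads = defaultdict(list)
    for e in events:
        if e.kind == "file_read":
            reads[e.pid].append(e)

    findings = []
    for pid, ex in by_pid.items():
        if not ex.image.endswith(SCRIPT_INTERPRETER):
            continue
        parent = by_pid.get(ex.ppid)
        # Scripts launched from inside a downloaded .app bundle are the
        # pattern of interest; a script run from an interactive shell is not.
        if parent is None or ".app/" not in parent.image:
            continue
        categories = {}
        for r in reads[pid]:
            if 0 <= r.ts - ex.ts <= window:
                c = classify(r.target)
                if c:
                    categories.setdefault(c, r.target)
        if len(categories) >= 2:
            findings.append({"pid": pid, "parent_image": parent.image,
                             "categories": sorted(categories)})
    return findings


# Constructed sample telemetry: one malicious chain and one benign automation.
SAMPLE_EVENTS = [
    Event(101, "exec", 501, 1,
          "/Users/alice/Downloads/CleanMyMacCrack.app/Contents/MacOS/CleanMyMacCrack"),
    Event(102, "exec", 502, 501, "/usr/bin/osascript"),
    Event(103, "file_read", 502, 501, "/usr/bin/osascript",
          "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"),
    Event(104, "file_read", 502, 501, "/usr/bin/osascript",
          "/Users/alice/Library/Application Support/Exodus/exodus.wallet/seed.seco"),
    Event(105, "file_read", 502, 501, "/usr/bin/osascript",
          "/Users/alice/Library/Keychains/login.keychain-db"),
    # Benign: Automator runs a script that only touches a text file.
    Event(200, "exec", 600, 1, "/Applications/Automator.app/Contents/MacOS/Automator"),
    Event(201, "exec", 601, 600, "/usr/bin/osascript"),
    Event(202, "file_read", 601, 600, "/usr/bin/osascript",
          "/Users/alice/Documents/todo.txt"),
]

if __name__ == "__main__":
    for f in find_chains(SAMPLE_EVENTS):
        print(f"pid {f['pid']} spawned by {f['parent_image']} read {f['categories']}")
```

The rule deliberately requires both a parent inside an app bundle and reads across at least two data categories, so a single legitimate script touching one store does not fire; in production the markers would come from the EDR's own path normalisation rather than substring matches.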