macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks.

This year has seen an explosion of infostealers targeting the macOS platform. Throughout 2023, we have observed a number of new infostealer families including MacStealer, PurelandAtomic Stealer and RealStealer (aka Realst). Over the last few months, we have also been tracking a family of macOS infostealers we call ‘MetaStealer’. Last week, Apple dropped a new signature for XProtect that detects some (but not all) variants of the MetaStealer family.

In this post, we describe how MetaStealer differs from other recent stealers, as well as indicate some intriguing overlaps with other malware. We highlight how threat actors are proactively targeting macOS businesses by posing as fake clients in order to socially engineer victims into launching malicious payloads, and we provide a comprehensive list of indicators to help threat hunters and security teams identify MetaStealer in their environments. All SentinelOne customers are automatically protected from macOS MetaStealer.

Don’t Stop Here

More To Explore

favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise

favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise