Subj : MacOS devices are being hit by new malware strains - and they're To : All From : TechnologyDaily Date : Wed Jan 17 2024 19:00:05 MacOS devices are being hit by new malware strains - and they're able to quickly evolve to avoid detection Date: Wed, 17 Jan 2024 18:44:09 +0000 Description: The tug-of-war between hackers and Apple is never-ending, and IT teams should prepare accordingly, SentinelOne warns. FULL STORY ====================================================================== Hackers are developing infostealing malware for macOS at such pace that Apple cant keep up. As a result, multiple variants frequently move past macOS anti-malware system, XProtect, and steal sensitive data from compromised endpoints. This is according to a new report from cybersecurity researchers SentinelOne, which gave three examples: KeySteal, Atomic Stealer, and CherryPie. KeySteal is an infostealing malware first spotted in 2021, which has evolved significantly since then. It is designed to steal information from Keychain, macOS native password manager where users can store credentials, private keys, notes, and more. Last time Apple updated its signature for KeySteal was roughly a year ago, in February 2023, but the malware has undergone such a dramatic change since then that XProtect no longer detects it. Its only weakness, at the moment, is the hardcoded command & control (C2) server address, but the researchers believe the developers will address this soon, as well. Inadequate static detection Atomic Stealer, on the other hand, was first spotted in May 2023, and even though Apple updated XProtects signature in early January this year, some variants are still moving past it. Also known as AMOS, this infostealer is capable of more than just grabbing Keychain data, it steals information from the majority of popular browsers (passwords, credit card data, etc.), as well as cryptocurrency wallets. It can also steal website cookies to bypass passwords and multi-factor authentication. Finally, CherryPie (sometimes referred to as Gary Stealer, or JaskaGo) was first seen in early September last year. The majority of its variants get picked up by XProtect, but the researchers still say its far from ideal. The moral of the story, according to SentinelOne, is that organizations and consumers alike should not rely solely on static detection for security. A more robust approach is needed, one which includes antivirus software featuring advanced dynamic or heuristic analysis abilities. Via BleepingComputer More from TechRadar Pro Beware, all Windows and Mac devices possibly at risk Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/macos-devices-are-being-hit-by-new-malw are-strains-and-theyre-able-to-quickly-evolve-to-avoid-detection --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .