November 27, 2023 03:57 pm | Updated 03:57 pm IST

Apple’s macOS is being targeted by cybercriminals with an information-stealing malware, designed to steal passwords, browser cookies, and credit/debit card information. The campaign that was earlier reported to have targeted Windows users attempts to steal information stored in browsers, local files, data from over 50 cryptocurrency extensions, and keychain passwords.

The keychain password is a macOS built-in password manager that stores sensitive information including Wi-Fi passwords, website login credentials, payment details and other encrypted information.

The campaign leverages Binance Smart Chain contracts to hide malicious scripts supporting the infection chain in the blockchain. Compromised websites are then used to spread the campaign, allowing threat actors to distribute Windows-targeting malware, a report from The Bleeping Computer said.

MacOS users visiting compromised websites are targeted using a Safari update bait along with a Chrome overlay, that lures users into downloading malicious files.

The malicious code is sold to cybercriminals via Telegram channels for $1,000/ month. The malware, through a series of commands, extracts sensitive data.

Mac users are advised to pay attention to update prompts on websites, including ones for other browsers, and those within the browser itself. Users are also advised to only download updates distributed through macOS’s Software Update.

This is not the first-time threat actors were found using exploits designed to target Windows’ users to compromise the security of Apple devices. Earlier, reports emerged that threat actors were creating encryptors targeting Macs for the first time to launch LockBit ransomware attacks. Historically, the ransomware had been targeting Windows, Linux, and VMware ESXi servers