Anti-malware system bypassed by updated macOS infostealers

BleepingComputer reports that information-stealing malware targeting macOS, including KeySteal, Atomic Stealer, and CherryPie, has been updated by its developers to evade the signature updates Apple keeps adding to the built-in XProtect anti-malware system. According to a SentinelOne report, KeySteal has been improved since its emergence in 2021 to maintain persistence and steal Keychain data without detection by XProtect and other antivirus engines, even though Apple updated its signature last February. Researchers added that KeySteal's operators could also adopt a rotation mechanism to work around the weakness of its hardcoded command-and-control addresses. Separately, several C++ variants of Atomic Stealer have been found to go undetected by XProtect despite Apple last updating the malware's signatures and detection rules in December. Meanwhile, the CherryPie malware, also known as JaskaGo or GaryStealer, was noted to have anti-analysis and Gatekeeper-disabling capabilities, although its newer versions are already detected since Apple's most recent signature update last month.