BleepingComputer reports that macOS computers on the Intel x86_64 architecture have been subjected to attacks involving the new MetaStealer information-stealing malware.
Threat actors have impersonated businesses' clients to send phishing emails containing disk image files that include executables masquerading as PDF files, which eventually result in the execution of MetaStealer, according to a SentinelOne report.
Aside from targeting system files and saved passwords, MetaStealer also targets the contents of the macOS keychain, enabling the exfiltration of website, app, and WiFi network credentials, as well as credit card data, encryption keys, and private notes.
Researchers have noted that MetaStealer is different from the previously reported META infostealer, which could bypass Apple's XProtect antivirus technology, and from the Atomic Stealer malware, with which it shares some similarities.
Despite the malware's limited targeting so far, attackers could develop an updated version of MetaStealer that could facilitate the compromise of macOS computers with Apple Silicon processors, said researchers.
Blind Eagle's attacks commence with the distribution of phishing emails spoofing Colombia's tax authority, luring recipients into clicking embedded links that redirect to a ZIP archive hosted in a Google Drive folder, which facilitates BlotchyQuasar execution.
Attackers leveraged a malicious DLL from the Microsoft Word app to retrieve a launcher from the open-source remote desktop and remote admin software UltraVNC, which would facilitate injection of the CXCLNT malware and the CLTEND remote access tool.
Intrusions leveraging the vulnerability have facilitated the distribution of not only the GOREVERSE reverse proxy server but also the Condi malware, the Mirai botnet variant Jenx, and four other cryptocurrency mining payloads.