
Security researchers say an evasive macOS virus disguised as the highly anticipated GTA 6 game is targeting Mac users to steal their keychain passwords, cryptocurrency wallet data, and other sensitive information.

In a report on March 28, cybersecurity experts at Moonlock Lab said the malware, which displays “a level of sophistication that demanded immediate attention,” is sometimes disguised as the Notion app. Threat actors often try to pass off malware as popular, legitimate apps.

“This social engineering trick exploits the trust engendered by familiar nomenclature to deceive users and trick them into downloading malware,” Moonlock’s report said.

Malware Harvests Credentials, Other Sensitive Data

Moonlock Lab found that the malicious payload is packed in a trojanized installation file, possibly delivered to victims via phishing URLs. This malware evades macOS’s Gatekeeper by tricking users into manually overriding the security feature.

Once activated, the malware deploys a file called “AppleApp” to fetch and execute a partially hidden payload directly from memory, evading file system detection. It also hides itself in the victim’s home directories in a “secret folder,” the report said.

This payload carries out a multi-step malicious process: it phishes for user credentials through fake dialogs, then targets and extracts sensitive information from system directories and applications, including cookies, form history, and login credentials from multiple browsers, as well as the macOS keychain databases.

It also profiles the compromised system and exfiltrates stolen data to a hacker-controlled server.

It’s not surprising to find malware disguised as GTA 6. In November 2023, cybersecurity experts warned that threat actors are exploiting the excitement over Rockstar Games’ GTA 6 to launch scams and malware attacks.

Security Tips for Mac Users

For years, Macs were thought to be immune to viruses and other threats. However, researchers say that’s not the case. In February, a report by Jamf revealed that there are 300 malware families targeting the macOS platform, and 21 new ones emerged in 2023.

If you’re a Mac user, it’s important to take steps to protect your device. Moonlock laid out some actionable tips for macOS users:

  • Always approach downloads with caution, particularly when downloading from sources outside the official App Store or third-party software publishers. The allure of free or pirated software can often be a trojan horse for malware. For instance, in March, researchers found Bitcoin-stealing malware disguised as cheat software for Call of Duty, Diablo, and other popular games.
  • macOS’s Gatekeeper is your first line of defense against rogue applications. Circumventing its protections can open the door to malware. If Gatekeeper flags an application, do not override the warning.
  • Malware often relies on deception, such as bogus prompts for installing additional software or entering your credentials. Treat any unexpected request for information or permissions with suspicion.
  • It’s important to use a trusted antivirus to detect potentially malicious files. In this case, Moonlock Lab said the malware was only detected by Avast and AVG on VirusTotal. Both antivirus programs are ranked among our best free antivirus software.
