Malware Wiki

Summary: An Infostealer that uses Telegram for command and control
Class: InfoStealer
Class Summary: Infostealers are generally designed as simple malicious programs focused specifically on the the theft of information. Although they might also be able to spy on users, this is not generally their primary goal. They generally execute and immediately look on disk at hardcoded locations for valuable files. These valuable files range from browser data, crypto, keychains and more.
Description: Discovered by Uptycs in March 2023, MacStealer is a dark web-sourced info-stealing malware that utilizes Telegram for command and control. Capable of exfiltrating files, cookies, and financial information, it targets all major browsers including Safari, Firefox, and Chrome. Uptycs researchers have identified the malware's binaries as mach-o, compiled from Python. MacStealer is offered as a "Malware-as-a-Service," complete with a future feature roadmap that includes plans for a control panel, reverse shell capabilities, and additional wallet targets.
References: https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware

https://www.jamf.com/blog/macstealer-malware-macos-threat/
Example Hashes: e0d9612798689222d7ebaa21c9c4b49f9bd21650

VirusTotal

bdf6b96bd4d45098b6385f1256b06faa9477bc5e

VirusTotal

e7c4e72e90598f420d6835a14c110c297a47a2c3

VirusTotal