New macOS Infostealer DigitStealer Uncovered by Jamf Threat Labs

Jamf Threat Labs has discovered a sophisticated macOS infostealer named DigitStealer. The malware uses advanced techniques such as hardware-based execution gates, multi-stage payload delivery, and Cloudflare Pages hosting. It targets cryptocurrency wallets like Ledger Live and evades detection through extensive anti-analysis features. The malware is distributed via an unsigned disk image named DynamicLake.dmg, spoofing a legitimate macOS utility. It employs a drag-to-terminal installation script and includes locale checks to avoid execution in certain regions. The malware's payloads include AppleScript for credential harvesting and JavaScript for Automation (JXA) for data exfiltration. It modifies Ledger Live to redirect sensitive data to attacker-controlled endpoints and establishes persistence through a Launch Agent.

Latest mentioned: 11-18

Earliest mentioned: 11-14

Sources

securityonline.info gbhackers.com

Also Read

ClickFix Malware Campaign Deploys Amatera Stealer and NetSupport RAT

Cybersecurity researchers have uncovered a sophisticated malware campaign using the ClickFix social engineering tactic to distribute Amatera Stealer and NetSupport RAT. The campaign, tracked as EVALUSION, targets cryptocurrency wallets, browsers, and email services. Amatera, an evolution of ACR Stealer, employs advanced evasion techniques and is available via subscription. The attack involves tricking users into executing malicious commands, leading to data exfiltration and potential RAT deployment.

11-18Read more →