Cybersecurity analysts at Hunt.io have recently uncovered a sophisticated piece of macOS malware that disguises itself as the widely trusted “Unarchiver” application to exfiltrate sensitive user data. Identified in August 2024, the malware is distributed through a phishing site that closely mimics the official Unarchiver website. This site offers a seemingly legitimate disk image file named “TheUnarchiver.dmg,” which, while appearing authentic, is actually designed to deliver malicious software onto victims’ devices. This tactic exploits the common and trusted nature of unarchiver apps to infiltrate systems unnoticed.
The deceptive nature of this malware is evident despite its low-risk scores from Hatching Triage and its failure to be flagged as malicious by VirusTotal. The disk image, which contains code compiled for both ARM and Intel architectures, employs ad-hoc signing on macOS 14.5. An in-depth analysis of the file’s contents, including Info.plist files and shared libraries, reveals clear signs of malicious intent. The malware uses these components to conduct various malicious activities, including capturing sensitive user credentials and other personal information.
Once installed, the malware sets up directories in the user’s Library folder and executes a series of shell scripts contained within an undetected “grabber.zip” file. These scripts are designed to harvest user data, such as login credentials and IP addresses, and transmit it to remote servers controlled by the attackers. Notably, the scripts include Russian comments, which may hint at the malware’s origin and indicate the global reach and sophistication of the threat. This aspect highlights the increasing complexity of malware operations and their ability to evade traditional detection methods.
The inability of conventional security tools to identify this malware underscores the necessity for advanced security measures and heightened vigilance. This macOS-targeted stealer, resembling other sophisticated threats like Amos and Poseidon, demonstrates the evolving landscape of cyber threats. Users are advised to exercise caution and employ robust security practices to safeguard against such advanced attacks. As malware becomes more sophisticated and deceptive, the need for improved detection and analysis capabilities in cybersecurity is becoming ever more critical.
Reference:
