Home News Sophisticated macOS Infostealer Hits Newer Apple Silicon Devices
News

Sophisticated macOS Infostealer Hits Newer Apple Silicon Devices

201

Researchers have discovered a new, highly-sophisticated macOS malware called DigitStealer that masquerades as a legitimate app called “DynamicLake.” It specifically targets newer Apple Silicon Macs — M2 chips and later — while avoiding older Macs, virtual machines, and Intel-based systems.

DigitStealer’s installation begins with a bash script executed entirely in memory. Before proceeding, it checks the system’s region settings and verifies certain hardware features to ensure it’s running on a non-virtual, M2-or-newer Mac.

If these checks pass, the malware downloads four separate payloads:

  1. A script that asks the user for their macOS password and, if provided, steals credentials, documents, and system files.
  2. Tools that pull data from browser profiles, the macOS keychain, VPN configs, Telegram settings, and crypto wallets (including Ledger, Electrum, Exodus, and others).
  3. A tampered version of the Ledger Live app: the malware replaces its app file so it connects to an attacker-controlled server, giving full access to the user’s crypto wallet.
  4. A persistent backdoor implemented via a “Launch Agent” — this component fetches additional payloads from the attacker’s server on demand. At first, this backdoor is a JavaScript-based automation script, but the attacker can change it dynamically.

To trick users, the malware is packaged as an unsigned disk image named DynamicLake.dmg, served from a fake website mimicking the real DynamicLake app. The installer asks users to drag the file into Terminal, bypassing standard macOS security checks.

The researchers note that the malware’s design shows deep knowledge of macOS internals and a clear intention to evade detection. Because it uses fileless techniques and hardware checks, it leaves minimal traces and can dodge many traditional antivirus tools.

To stay safe, Mac users should:

  • Be very careful where they download apps — especially disk images (.dmg)
  • Avoid dragging unknown or untrusted files into Terminal
  • Use antivirus or security tools that monitor behavior, not just file signatures
  • Always verify the website or GitHub repo before downloading utilities

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...