Macstealer Malware in the wild

VintageMacGuy
Contributor II

New malware to worry about:
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware

Uptycs recommends the following measures and actions:

  • Keep your Mac systems up-to-date with the latest updates and patches
  • Only permit the installation of files from trusted sources that allow ‘App Store’ or ‘App store and identified developers.’

In Ventura (13.3), "App Store" and "App Store and identified developers" are the only two settings under Security, but it looks like there is a way to run unsigned apps anyway under the "Developer" section? 

 

I am thinking of adding a block for "weed.app" in JAMF - Restricted Software. I didn't see a confirmation that weed.app is the process name, so that is a bit of a guess.

3 REPLIES 3

rmaciel
New Contributor

Does JAMF Protect stop MacStealer?

OGClayton
New Contributor III
New Contributor III

Yes it does.

mickl089
Contributor III

As in the past, are there any suspicious folders or files here that suggest that the computer is infected with the malware? (I mean other than weed.app)