Macstealer Malware in the wild

VintageMacGuy
Contributor II

New malware to worry about:
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware

Uptycs recommends the following measures and actions:

  • Keep your Mac systems up-to-date with the latest updates and patches
  • Only permit the installation of files from trusted sources that allow ‘App Store’ or ‘App Store and identified developers.’

In Ventura (13.3), "App Store" and "App Store and identified developers" are the only two settings under Security, but it looks like there is a way to run unsigned apps anyway under the "Developer" section?

I am thinking of adding a block for "weed.app" in JAMF - Restricted Software. I didn't see a confirmation that weed.app is the process name, so that is a bit of a guess.

3 REPLIES

rmaciel
New Contributor

Does JAMF Protect stop MacStealer?

OGClayton
New Contributor III

Yes it does.

mickl089
Contributor III

As in the past, are there any suspicious folders or files here that suggest that the computer is infected with the malware? (I mean other than weed.app)