New Mac Threat: The "Stealer" Malware Targeting Apple Silicon in 2025
The era of Mac invincibility is over. A new wave of sophisticated malware is specifically designed to exploit Apple Silicon chips, hiding inside popular software clones to steal your digital life.
The Invisible Threat: New "Stealer" Malware Targets Apple Silicon Macs
The unboxing of a brand-new Mac—whether it’s a MacBook Pro M4 or an iMac—is usually accompanied by a sense of security. For decades, Apple’s marketing and public perception have relied on a single, comforting myth: "Macs don't get viruses." However, cybersecurity researchers have uncovered a sophisticated new strain of malware specifically engineered to target the architecture of modern Apple computers.
As the market share of macOS grows, so does the incentive for cybercriminals. This new threat is not just a nuisance; it is a high-level "info-stealer" designed to bypass Apple’s strictest security measures and drain digital wallets and credentials before the user even realizes they have been infected.
How the Malware Disguises Itself
Unlike old-school viruses that arrived via dodgy email attachments, this new malware—often categorized under families like "Cuckoo" or variants of "AMOS" (Atomic macOS Stealer)—relies on malvertising (malicious advertising).
The attackers purchase top-ranking ad slots on search engines for popular software. When a user searches for tools like "Arc Browser," "Zoom," "Microsoft Teams," or "Notion," the first result looks legitimate. However, clicking it leads to a pixel-perfect clone of the official website. The user downloads what they believe is the installer for their new Mac, but they are actually installing a "Trojanized" version of the software.
Targeting the "Crown Jewels": What is Stolen?
Once the user inputs their system password to install the fake application, the malware executes immediately. It is designed to extract data in seconds, often exfiltrating it to a remote server before the user has finished the installation process.
The malware specifically hunts for:
Keychain Data: Saved passwords for websites and applications.
Crypto Wallets: It targets extensions like MetaMask, Exodus, and Binance, looking to drain funds instantly.
Browser Cookies: By stealing session cookies, hackers can log into your accounts (Amazon, Gmail, Corporate Slack) without needing your password or 2FA code.
System Information: Hardware UUIDs and user profiles to sell on the dark web.
Bypassing macOS Gatekeeper
The most alarming aspect of this malware is its ability to sidestep macOS security controls. Apple relies on a system called Gatekeeper, which by default blocks downloaded apps that are not signed with a valid Developer ID certificate from running.
However, cybercriminals are now buying legitimate Apple Developer ID certificates on the black market or using "ad-hoc" signatures. Signing the malware with a valid Developer ID lets it pass Gatekeeper's check, so macOS presents it as trustworthy software. The trojanized installer then runs natively on Apple Silicon (M1, M2, M3, and M4 chips) without triggering the warnings that would normally protect the operating system.
How to Protect Your New Mac
While this threat is severe, it is not unstoppable. Securing a new Mac requires a shift in behavior and the adoption of new safety layers.
Verify the URL: Never download software from the "Sponsored" links at the top of Google or Bing search results. Always scroll down to the organic results or type the URL directly (e.g., zoom.us).
Use "Lockdown Mode" if necessary: For high-risk users, Apple’s Lockdown Mode (found in System Settings) strictly limits code execution.
Install Dedicated Security Software: The built-in XProtect is good, but third-party tools like Malwarebytes or reputable endpoint protection can detect behavior that Apple’s static definitions might miss.
Check the Developer Name: When the installation prompt appears, ensure that the developer name shown matches the software vendor exactly. If a "Zoom" installer is signed by "Tech Solutions LLC" instead of "Zoom Video Communications," do not proceed.
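The developer-name check above can also be done from the Terminal before double-clicking anything. The script below is an added example (not code from the article or from Apple): it parses the output of Apple's codesign tool and reports whether a bundle is signed by the vendor you expect, is only ad-hoc signed, or is signed by someone else. The vendor names, Team IDs and sample outputs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not code from the article or from Apple): decide whether a
# downloaded app bundle is signed by the vendor you expect, by parsing the
# output of Apple's `codesign` tool. Vendor names and Team IDs are placeholders.

# check_signer <codesign -dv --verbose=4 output> <expected developer name>
# Returns 0 = signed by the expected Developer ID, 1 = unsigned/ad-hoc signed,
#         2 = signed by some other developer (the "Tech Solutions LLC" case).
check_signer() {
    cs_out=$1; cs_expected=$2
    # An ad-hoc signature carries no certificate chain: codesign prints Signature=adhoc.
    case "$cs_out" in *"Signature=adhoc"*) return 1 ;; esac
    # No Authority= lines at all means no certificate chain either.
    printf '%s\n' "$cs_out" | grep -q '^Authority=' || return 1
    # The leaf certificate reads "Authority=Developer ID Application: <Company> (<TEAMID>)".
    printf '%s\n' "$cs_out" \
        | grep -qF "Authority=Developer ID Application: ${cs_expected} (" && return 0
    return 2
}

# check_app <path to .app> <expected developer name>: runs codesign itself (macOS only).
check_app() {
    info=$(codesign -dv --verbose=4 "$1" 2>&1) || { echo "REJECT: $1 is not signed"; return 1; }
    rc=0; check_signer "$info" "$2" || rc=$?
    case $rc in
        0) echo "OK: $1 is signed by Developer ID '$2'" ;;
        1) echo "REJECT: $1 is only ad-hoc signed" ;;
        2) echo "REJECT: $1 is signed by a different developer:"
           printf '%s\n' "$info" | grep '^Authority=Developer ID Application' ;;
    esac
    return $rc
}

# Constructed sample outputs (abridged) in the shape `codesign -dv --verbose=4` prints.
GOOD_OUTPUT='Identifier=com.example.videoapp
Authority=Developer ID Application: Example Video, Inc. (TEAMID00000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID00000'
ADHOC_OUTPUT='Identifier=com.example.videoapp
Signature=adhoc
TeamIdentifier=not set'
IMPOSTOR_OUTPUT='Identifier=com.example.videoapp
Authority=Developer ID Application: Tech Solutions LLC (OTHERTEAM01)
TeamIdentifier=OTHERTEAM01'

# Usage: sh check_signer.sh /path/to/Downloaded.app "Example Video, Inc."
if [ $# -eq 2 ]; then check_app "$1" "$2"; fi
```

On a real Mac, spctl --assess --type execute -v /path/to/App.app gives Gatekeeper's own verdict and is worth running alongside this check.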
Conclusion
The narrative that Macs are immune to malware is now a dangerous complacency. As Apple Silicon Macs become more powerful and popular, they become a lucrative target for sophisticated cybercrime rings. By understanding how these "stealers" operate—through deception rather than brute force—users can enjoy their new devices without falling victim to the invisible theft of their digital identity.