GTA 6 is still months away from being available, but scammers are already using fake copies of it to steal passwords from your Mac.
A new form of malware, disguised as the unreleased video game GTA 6, is being used to infiltrate Mac devices, as discovered by security researchers at Moonlock. Once it’s in your system, it can extract sensitive information, such as passwords from a local Keychain.
The malware is related to password stealing ware (PSW)— a type of malicious software designed specifically to steal passwords and other sensitive information from a user’s device.
It pretends to be a popular application like Notion or GTA 6. This tricks users into downloading malware because they trust familiar names. The malware then tricks users into overriding macOS Gatekeeper, which is a security feature on all Apple Mac devices that ensures only trusted software runs on your device.
“Disguised as a harmless DMG file, it tricks the user into installation via a phishing image, persuading the user to bypass macOS’s Gatekeeper security feature. Gatekeeper normally prevents unsigned and un-notarized applications from running, but the malware exploits a user override feature,” Moonlock researchers write.
Subscribe to our newsletter for the latest updates on Esports, Gaming and more.
Once you run the DMG file, it releases a Mach-O file called AppleApp. This AppleApp then sends a request to a specific URL from a Russian IP address. If it connects successfully, it starts downloading a partly hidden AppleScript and Bash payload. This payload is directly put into action from the application’s memory, bypassing the regular file system.
This script works like a digital pickpocket, stealing credentials and focusing on sensitive data stored in different applications and databases on your Mac. The malware searches through system folders, seeking valuable data like cookies, browsing history, and login details from popular web browsers such as Chrome, Firefox, Brave, Edge, Opera, and OperaGX.
Given that GTA 6 isn’t out yet on any platform, irrespective of Mac support, be wary while browsing the web, or when downloading files from unfamiliar sources.