Friday, April 5, 2024

Macs Targeted by Infostealer Malware

Jamf Threat Labs:

While searching for “Arc Browser” on Google, it was brought to our attention that following the sponsored result for what seems to be the legitimate Arc web browser, actually brings you to a malicious site aricl[.]net that imitates the legitimate


The DMG is signed ad-hoc and provides directions to right-click the app and select open thus overriding any Gatekeeper warnings.


Dumping plain text passwords out of the keychain requires the user’s macOS password. Infostealer developers have long caught on to the fact that the easiest way to get this password is to simply ask the user for it. We see a prompt generated via a call to AppleScript.
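A defender-side check for the two behaviours described above, added here as an example (not code from Jamf or from this post): it flags an ad-hoc signature in `codesign -dv` output and `osascript` command lines that raise a dialog with a hidden answer field. The sample output, the process events and the function names are constructed for illustration.

```python
import re

# Constructed sample: output of `codesign -dv --verbose=4 <app>` for an ad-hoc signed bundle.
SAMPLE_CODESIGN = """\
Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

# Constructed sample process events: (parent process, command line).
SAMPLE_EVENTS = [
    ("Example", 'osascript -e display dialog "Enter your password to continue" '
                'default answer "" with hidden answer'),
    ("Terminal", 'osascript -e display notification "Build finished"'),
    ("Finder", "/usr/bin/open -a Safari"),
]

FLAGS_RE = re.compile(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)")

def is_adhoc_signed(codesign_output):
    """True if codesign reports an ad-hoc signature (no signing identity behind it)."""
    fields = dict(l.split("=", 1) for l in codesign_output.splitlines() if "=" in l)
    if fields.get("Signature", "").strip() == "adhoc":
        return True
    m = FLAGS_RE.search(codesign_output)
    return bool(m) and "adhoc" in [f.strip() for f in m.group(1).split(",")]

def find_password_prompts(events):
    """Return events where osascript shows a dialog whose typed answer is hidden."""
    hits = []
    for parent, cmd in events:
        argv0 = cmd.split()[0] if cmd.split() else ""
        lowered = cmd.lower()
        if (argv0.endswith("osascript") and "display dialog" in lowered
                and "hidden answer" in lowered):
            hits.append((parent, cmd))
    return hits

if __name__ == "__main__":
    print("ad-hoc signed:", is_adhoc_signed(SAMPLE_CODESIGN))
    for parent, cmd in find_password_prompts(SAMPLE_EVENTS):
        print("password-style prompt from", parent, "->", cmd)
```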

4 Comments

Especially since every little thing requires a password these days. It’s no longer a signal that something special is about to be done.

It is supremely ironic that Apple ran an ad mocking Windows Vista for having too many authentication prompts. Ironically Microsoft has done far more to address the issue in intervening years than Apple, and Apple has gotten noticeably worse.

You have to type or Touch ID your password 50 times a day on MacOS. Who has the time to be sure every request is legit?

Yet another argument for why it shouldn't be allowed to buy ads against other companies' brand names.

Arc is obviously a pain in the ass because people might be searching for some other kind of arc.

Not that Google will do anything to mess with the smooth flow of money.
