The anticipation surrounding the release of GTA 6 has reached a fever pitch, with gamers around the globe eagerly awaiting the chance to dive into the next installment of the critically acclaimed series. However, this excitement has also painted a target on the backs of many, particularly Mac users, as scammers concoct elaborate schemes to exploit this fervor.
A sophisticated new malware, masquerading as the much-awaited GTA 6 game, has emerged, ensnaring unsuspecting victims into a web spun with deceit and theft.
An Unwelcome Surprise for Mac Enthusiasts
At the heart of this scam is malware cleverly disguised to appear as a harmless download of GTA 6, an event eagerly awaited by millions. According to the security maestros at Moonlock, this digital Trojan horse is specifically engineered to infiltrate Mac devices.
Once inside, it seeks out and pilfers sensitive information, including passwords stored in the local Keychain. This nefarious software belongs to the family of Password Stealing Ware (PSW), a particularly insidious type of malware that preys on personal and sensitive information.
GTA 6 Spyware: The Mechanism of Deceit
The modus operandi of this malware is cunningly simple yet effective. It often masquerades as popular applications, such as Notion or the yet-to-be-released GTA 6, exploiting the trust users place in familiar names.
The deception doesn’t stop there. It further dupes users into disabling macOS Gatekeeper, a crucial security feature on Apple devices designed to ensure only trusted software runs on the system.
Moonlock researchers shed light on the technical subterfuge involved: “Disguised as a harmless DMG file, it coaxes the user into initiating the installation process through a phishing image. This image is crafted to persuade users to bypass the Gatekeeper security feature.”
Gatekeeper is designed to block unsigned and unnotarized applications from running, safeguarding users from potential threats. However, this malware does not break that check; it relies on the user override feature, persuading the victim to approve the app themselves.
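A defender-side check for the Gatekeeper behaviour described above, as an added example that is not from Moonlock or the original article: it asks Gatekeeper for its verdict on every app bundle in a mounted DMG before anything is opened. The function names are illustrative, and the script assumes the macOS `spctl` tool prints its verdict as `<path>: accepted` or `<path>: rejected` followed by a `source=` line.

```bash
#!/usr/bin/env bash
# Added example: get Gatekeeper's verdict on each app in a mounted DMG
# before opening anything. Function names are illustrative.

# Map the text printed by `spctl --status` to on/off/unknown.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo "on" ;;
        *"assessments disabled"*) echo "off" ;;
        *)                        echo "unknown" ;;
    esac
}

# Turn the text printed by `spctl --assess --type execute -vv <app>` into a
# decision. Only the end of the first line is trusted as the verdict, so an
# app whose name contains ": accepted" cannot spoof it. Anything Gatekeeper
# did not explicitly accept is blocked.
classify_assessment() {
    local out first src
    out=$1
    first=$(printf '%s\n' "$out" | head -n 1)
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$first" in
        *": accepted") echo "allow (${src:-no source reported})" ;;
        *": rejected") echo "block (${src:-no source reported})" ;;
        *)             echo "block (no assessment)" ;;
    esac
}

# Assess each .app bundle at the top level of a mounted volume.
scan_volume() {
    local vol app
    vol=$1
    if [ "$(gatekeeper_state "$(spctl --status 2>&1)")" != "on" ]; then
        echo "warning: Gatekeeper is not enabled on this Mac"
    fi
    for app in "$vol"/*.app; do
        [ -e "$app" ] || continue
        printf '%s: %s\n' "$app" \
            "$(classify_assessment "$(spctl --assess --type execute -vv "$app" 2>&1)")"
    done
}

# Runs only on macOS and only when a volume path is given,
# e.g. ./check.sh "/Volumes/Some Installer"
if command -v spctl >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    scan_volume "$1"
fi
```

An installer image that tells the user to right-click and choose Open is asking for exactly the apps this script reports as `block`.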
Once the DMG file is activated, it unleashes a Mach-O file, dubbed AppleApp, which reaches out to a URL hosted on a Russian IP. Upon establishing a connection, it proceeds to download a partly obscured AppleScript and Bash payload. This payload operates stealthily, executing directly from the application’s memory and sidestepping the conventional file system.
This script acts as a digital pickpocket, meticulously scouring the system for credentials and focusing on extracting sensitive data from various applications and databases. It hunts through system folders for cookies, browsing histories, and login information from popular browsers like Chrome, Firefox, Brave, Edge, Opera, and OperaGX.
A Word of Caution
Given that GTA 6 has yet to grace any platform, including Mac, users are advised to tread with caution. The allure of early access or exclusive content can be tempting, but it’s vital to remain vigilant, especially when navigating the web or considering downloads from unfamiliar sources.
This incident serves as a stark reminder of the ever-present threat of cybercriminal activities and the importance of safeguarding personal information against such sophisticated attacks.