Analyzing the MonetaStealer macOS Threat
released on 2026-01-19 @ 09:41:59 AM
Security researchers discovered MonetaStealer, a suspicious Mach-O binary masquerading as a Windows .exe file. This PyInstaller-compiled malware targets macOS systems and is believed to be in early development. MonetaStealer focuses on stealing Chrome browser data, cryptocurrency wallet information, Wi-Fi credentials, keychain items, financial documents, SSH private keys, and clipboard content. It uses deceptive naming conventions and targets specific file paths to gather sensitive information. The malware employs various techniques to extract data, including querying SQLite databases, using regex patterns, and executing system commands. Exfiltration is attempted via Telegram, although researchers did not observe successful file uploads. A Windows variant was also identified but contained non-functional code. The threat highlights the ongoing prevalence of stealers in the macOS landscape.
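The mismatch described above (a Mach-O file carrying a .exe name, built with PyInstaller) can be checked during triage by comparing the file's leading magic bytes with its extension. The following is an added example, not code from the researchers' report; the file names and sample bytes are constructed, and the fat-header threshold of 20 architectures is a heuristic assumption used to tell universal binaries apart from Java class files, which share the same magic.

```python
import struct

# On-disk Mach-O magics: 32/64-bit, both byte orders.
MACHO_THIN = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
              b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}
# Universal ("fat") magics; 0xCAFEBABE is also the Java class magic.
MACHO_FAT = {b"\xca\xfe\xba\xbe", b"\xca\xfe\xba\xbf"}
# Magic of the PyInstaller CArchive cookie embedded in bundled executables.
PYI_COOKIE = b"MEI\x0c\x0b\x0a\x0b\x0e"

def classify(data: bytes) -> str:
    """Return 'macho', 'macho-fat', 'pe' or 'other' from the header bytes."""
    head = data[:4]
    if head in MACHO_THIN:
        return "macho"
    if head in MACHO_FAT and len(data) >= 8:
        # Fat header: next field is a small architecture count.
        # Java class: next field is minor/major version (major >= 45).
        (count,) = struct.unpack(">I", data[4:8])
        if 0 < count < 20:  # heuristic threshold (assumption)
            return "macho-fat"
    if data[:2] == b"MZ":
        return "pe"
    return "other"

def triage(name: str, data: bytes) -> dict:
    """Flag files whose .exe name disagrees with a Mach-O header."""
    kind = classify(data)
    return {
        "name": name,
        "format": kind,
        "extension_mismatch": name.lower().endswith(".exe")
                              and kind.startswith("macho"),
        "pyinstaller": PYI_COOKIE in data,
    }

# Constructed sample inputs (not real malware bytes).
MACHO_SAMPLE = b"\xcf\xfa\xed\xfe" + b"\x00" * 64 + PYI_COOKIE + b"\x00" * 16
FAT_SAMPLE = b"\xca\xfe\xba\xbe" + struct.pack(">I", 2) + b"\x00" * 32
JAVA_SAMPLE = b"\xca\xfe\xba\xbe\x00\x00\x00\x34" + b"\x00" * 32
PE_SAMPLE = b"MZ" + b"\x00" * 64

if __name__ == "__main__":
    for fname, blob in [("sample.exe", MACHO_SAMPLE), ("setup.exe", PE_SAMPLE),
                        ("universal.exe", FAT_SAMPLE), ("App.class", JAVA_SAMPLE)]:
        print(triage(fname, blob))
```

A hit on `extension_mismatch` is a triage signal only; the PyInstaller cookie also appears in many legitimate applications, so it is useful for choosing an unpacking path rather than as a verdict.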