MetaStealer is a new type of information-stealing malware that specifically targets Intel-based macOS computers [5]. It is part of a growing trend of stealer families that focus on the operating system [1] [5].


Threat actors behind MetaStealer have been found impersonating company clients to distribute the malware [2]. They pose as fake clients to socially engineer victims into launching malicious payloads [1] [5]. Currently, MetaStealer only affects Intel x86 64 architecture and cannot compromise macOS systems running on Apple Silicon processors [2], unless the victim uses Rosetta to run the malware [2].

MetaStealer primarily targets business users and aims to exfiltrate valuable information such as keychain data [3], saved passwords [3] [7] [8], and files from compromised hosts [3] [7]. It can even harvest data from iCloud Keychain [3] [8]. Some versions of the malware also target popular messaging platforms like Telegram and Meta [8]. MetaStealer variants have been observed impersonating TradingView [7], similar to Atomic Stealer, suggesting a possible connection between the two.

The rise in popularity of targeting Mac users for their data is a concerning trend among threat actors. MetaStealer represents an evolution in macOS-focused infostealers [6], demonstrating the adaptability and sophistication of contemporary cyber threats [6]. Its impact can be severe, leading to identity theft [6], financial losses [6], privacy breaches [6], and disruption of corporate operations [6]. Mac users [3] [5] [6] [7] [8], especially business users [6], should be vigilant in protecting their sensitive information from this significant threat.

Apple has recently released a new signature for XProtect to detect some variants of MetaStealer [4]. SentinelOne customers are automatically protected from macOS MetaStealer [4].


The rise in infostealers targeting macOS [4], including the MetaStealer family [4], is a cause for concern. It highlights the need for increased vigilance and protection measures among Mac users, particularly business users [6]. The impact of MetaStealer can be severe, with potential consequences such as identity theft, financial losses [6], privacy breaches [6], and disruption of corporate operations [6]. Apple’s release of a new signature for XProtect and the automatic protection provided to SentinelOne customers are steps in the right direction. However, it is crucial to stay informed about evolving cyber threats and implement comprehensive security measures to mitigate the risks posed by malware like MetaStealer.