How to remove DigitStealer malware from your Mac

What kind of malware is DigitStealer?

DigitStealer is a sophisticated information-stealing malware targeting Mac operating systems. This malicious program seeks to extract and exfiltrate sensitive data, including log-in credentials and information associated with cryptocurrency wallets.

DigitStealer malware overview

DigitStealer is a malware designed with an emphasis on stealth. As of the time of writing, the Apple Disk Image file used to deliver this stealer had no detections on the VirusTotal platform. The malware utilizes the "Drag into Terminal" method for installation to bypass the Gatekeeper security feature.

DigitStealer's utilizes several anti-detection mechanisms, including detecting when it is launched on a virtual machine and anti-debugging. One noteworthy method is checking whether the system is running on Apple Silicon M2 or a newer chip and verifying hardware details.

This program infiltrates devices through a multi-stage chain that involves four payloads that are executed in-memory. The first stealer payload collects geolocation data, which could be used to determine whether to proceed with the infection. It also introduces the other payloads into the system.

Like many Mac-specific malicious programs, this malware prompts the victim to provide their user account log-in credentials. It steals (small size) files from the Desktop, Documents, and Downloads directories.

The second stealer payload seeks to extract data from browsers, such as Brave, Google Chrome, Microsoft Edge, Mozilla Firefox, and others. Targeted information may include: browsing histories, Internet cookies, usernames/passwords, personally identifiable details, credit card numbers, etc.

It can extract log-in credentials stored in Keychain – Mac's native password manager. The malware steals data associated with Coinomi, Electrum, Exodus, Ledger, and other cryptowallets. Other targeted software includes VPN clients (OpenVPN, Tunnelblick) and the Telegram messenger.

The third payload is designed to modify the Ledger wallet/app – terminating processes, replacing data, and swapping the genuine Ledger with a trojanized one (that is downloaded in multiple parts). The likely goal is to obtain the cryptowallet's passphrase.

The fourth payload is designed to ensure persistence. It is not a static item, as it keeps retrieving the payload from a specific domain every time it runs. Another purpose is to serve as a backdoor for further infection, as it continuously checks for any additional payloads.

It must be mentioned that malware developers often improve upon their software and methodologies. Hence, potential future iterations of DigitStealer could have different functionalities.

In summary, the presence of malicious software like DigitStealer on devices can lead to multiple system infections, severe privacy issues, financial losses, and identity theft.

Stealer-type malware examples

We have investigated numerous malicious programs; Shamos, mac.c stealer, and Odyssey are just a couple of our articles on data-stealing Mac malware.

Information-stealing functionalities are prevalent in all types of malware. Stealers are also commonly used in tandem with other malicious programs. It must be stressed that regardless of what (if any) data malware targets – its presence on a system threatens device and user safety.

How did DigitStealer infiltrate my computer?

The Disk Image file that DigitStealer arrives onto systems in is disguised as the installer for DynamicLake – a legitimate Mac application. At least one website has been found that proliferates this malicious file, yet how the page was promoted is unknown. Generally, deceptive sites are endorsed via SEO poisoning, malvertising, spam browser notifications, mistyped URLs, and adware.

However, DigitStealer could infiltrate devices under other disguises or through different methods. Malware is predominantly spread by relying on phishing and social engineering tactics. Malicious software is usually presented as or bundled with ordinary content. It can also come in various file formats.

The most widespread malware proliferate techniques include: backdoor/loader-type trojans, online scams, malicious attachments or links in spam (e.g., emails, PMs/DMs, social media posts, etc.), drive-by (stealthy/deceptive) downloads, dubious download channels (e.g., freeware and third-party websites, P2P sharing networks, etc.), pirated programs/media, illegal software activation tools ("cracks"), and fake updates.

What is more, some malicious programs can self-spread via local networks and removable storage devices (e.g., external hard drives, USB flash drives, etc.).

How to avoid installation of malware?

Caution is essential to device and user safety. Therefore, always research software prior to downloading or purchasing. Download only from official and verified sources. Activate and update programs using functions/tools provided by genuine developers, as those obtained from third-parties may contain malware.

Be cautious when browsing since the Internet is rife with deceptive and malicious content. Do not open attachments or links found in suspicious/irrelevant communications (e.g., emails, PMs/DMs, SMSes, etc.), as they may be virulent.

It is paramount to have a reputable antivirus installed and kept up-to-date. Security software must be used to perform regular system scans and to remove detected threats. If your computer is already infected with, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.

DigitStealer instructing to use the "drag-to-terminal" installation method:

Instant automatic malware removal:

Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Quick menu:

• What is "DigitStealer"?
• Remove PUA related files and folders from OSX.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Frequently Asked Questions (FAQ)

My computer is infected with DigitStealer malware, should I format my storage device to get rid of it?

Most likely, no – since malware removal rarely requires formatting.

What are the biggest issues that DigitStealer malware can cause?

The dangers posed by an infection depend on the malware's functionalities and the attackers' modus operandi. DigitStealer is a stealthy stealer that targets passwords and cryptowallets. The presence of this software can result in multiple system infections, serious privacy issues, financial losses, and identity theft.

What is the purpose of DigitStealer malware?

Profit is the most common motivation behind malware infections. However, they may also be driven by the attackers' amusement or personal grudges, process disruption (e.g., websites, services, companies, etc.), hacktivism, and political/geopolitical motivations.

How did DigitStealer malware infiltrate my computer?

Malware is mainly distributed via trojans, drive-by (stealthy/deceptive) downloads, online scams, spam mail, malvertising, dubious download sources (e.g., freeware and free file-hosting sites, P2P sharing networks, etc.), pirated content, illegal software activation ("cracking") tools, and fake updates. Furthermore, some malicious programs can self-proliferate through local networks and removable storage devices.

Will Combo Cleaner protect me from malware?

Yes, Combo Cleaner can detect and remove practically all known malware infections. Remember that performing a complete system scan is essential since high-end malicious programs tend to hide deep within systems.