Trojan.MacOS.Careto.A


Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 13
First Seen: January 20, 2021
Last Seen: October 27, 2022

Trojan.MacOS.Careto.A is a malware threat also known as Careto; some anti-malware applications also detect it as Backdoor.MacOSX.Careto. According to reports, it can perform malicious activities on both Windows and macOS platforms, while its name suggests that the author of this Trojan is of Latin American or Spanish origin. In Spanish, “careto” means a mask.

Once it has infiltrated a Mac computer, Trojan.MacOS.Careto.A acts like a typical Trojan, gaining control over the device by modifying specific system settings and files and ensuring it stays undetected for as long as possible. Researchers believe that the main goal of Careto’s creator is to steal valuable information, like passwords and personal files, and also to monitor the user’s activities all the time.

Other data that Trojan.MacOS.Careto.A tries to collect includes the installed macOS version, available RAM size, user login names, and passwords. Collected data is sent in real time to the hackers’ servers. Researchers have also observed that this Trojan modifies macOS system libraries and elevates its privileges to the administrator level. After that, it can run a number of unsolicited processes: send directories of currently running processes, stop legitimate processes, turn off the PC, run or remove apps, and switch on the available microphone and camera. Similarities with other Trojans, including IPStorm Trojan and Jahlav Trojan, have also been recognized.

Trojan.MacOS.Careto.A can enter a macOS device in many different ways. Cybercrooks often inject Trojans into email attachments and send these messages to random victims through spam email campaigns. These attachments may look legitimate, for example, disguised as bank documents, order confirmations, invoices, etc. Trojans like Careto also spread through file downloads from untrusted or corrupted web portals or torrent networks. Files in which Trojan.MacOS.Careto.A lurks typically look like normal apps, software updates, or other types of installers.

Obviously, this Trojan is a threat that should not be underestimated since it can cause serious privacy issues, financial losses, and data damage. Users can install a reliable anti-virus solution for Mac to prevent all these issues and keep their devices safe from cyberattacks.


