Odyssey Stealer Malware
Odyssey Stealer is an advanced information-stealing malware designed specifically for macOS devices. Threat actors use the ClickFix social engineering technique, delivered through software malvertising, phishing campaigns, or fake software update prompts, to lure potential victims into manually executing malicious commands. Once executed, the script downloads and installs the malware.
Odyssey Stealer primarily hijacks cryptocurrency wallets, steals browser credentials, and scans system files for sensitive information. It targets multiple cryptocurrency apps, including over 200 browser wallet extensions and 18 desktop wallets, and can replace legitimate cryptocurrency apps with trojanized versions. It can also establish persistence on compromised devices, run additional commands, and evade detection.
The NJCCIC received a report involving the Odyssey Stealer malware. The victim downloaded purported photo editing software that prompted them to modify permissions and enter their administrator password. Behind the scenes, the victim authorized the execution of malicious commands to install the malware and grant the threat actors access to the device. Since the victim was already logged into MetaMask through a browser wallet extension, the threat actors were able to access and drain the account. The victim then received a MetaMask notification that their cryptocurrency funds had been transferred to another wallet, resulting in a financial loss.
Recommendations
- Download applications and software from official sources only.
- Refrain from clicking on suspicious links or pop-up notifications, or running untrusted commands or scripts found on websites, forums, or social media.
- If sensitive information was entered, change passwords for compromised accounts, monitor for unauthorized activity, and review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources, including credit freezes.
- If you suspect your device is infected, disconnect from the internet, run anti-virus/anti-malware scans, follow the Odyssey Stealer removal guide, and review your security and privacy settings. A full system reimage may be warranted to restore the compromised device.
