This one is focused on Intel-based macOS systems and is able to bypass XProtect. However, if it's run via Rosetta, it could also infect M1/M2 systems. https://www.bleepingcomputer.com/ne...er-malware-targets-intel-based-macos-systems/
There is no way of knowing quite yet, but late yesterday's unusually timed Apple updates to both XProtect Remediator and XProtect itself may be helping with a solution. Even though Apple never reveals the content of XProtect Remediator/XProtect (111/2171) updates, we may know more in a day or two as the update's content is independently sleuthed out. Since the popularity of YARA can be so effective, a careful postmortem MetaStealer analysis may have provided relevant data. Blocking the bad actor's C2 server's 2 IP addresses and 3 URLs, detailed in SentinelOne's analysis, should also be helpful.