dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

New infostealer targets macOS devices, appears to have Russian links

Avatar
August 16, 2024
Total
0
Shares
0
0
0

Researchers have discovered new information-stealing malware labeled Banshee Stealer that is designed to breach Apple computers.

The malicious code was first spotted earlier in August and was reportedly developed by a threat actor who uses the Russian language on their Telegram channel and avoids targeting systems based in Russia. The malware is available as a service for $3,000 a month.

Researchers at the cybersecurity firm Elastic said that while Banshee Stealer is not “overly complex” in its design, its focus on macOS systems and the variety of data it collects “make it a significant threat.”

Elastic did not respond to questions on Friday about how the malware is delivered to targeted computers. The report does not specify how many cybercriminals, if any, have used the malware in the wild and whether their attacks were successful. 

Banshee Stealer can collect user passwords, and files from the “Desktop” and “Documents” folders, as well as browser history, cookies, and logins from nine different browsers, including Chrome, Firefox, Edge, and Opera. For Apple’s browser, Safari, the malware can only collect cookies.

Using Banshee Stealer, cybercriminals can also gain access to victims’ cryptocurrency wallets, including Wasabi Wallet, Exodus, and Ledger. After the malware finishes collecting data, it ZIP compresses the temporary folder and encrypts it, researchers said. 

The $3,000 monthly price is notably high compared to Windows-based stealers. By comparison, another popular stealer, AgentTesla, costs nearly $50 a month. The high price of Banshee Stealer is likely linked to the growing interest in macOS-specific malicious tools among cybercriminals, according to the report. 

“Despite its potentially dangerous capabilities, the malware’s lack of sophisticated obfuscation and the presence of debug information make it easier for analysts to dissect and understand,” Elastic said. And yet, this malware “presents a severe risk to macOS users,” as it targets vital system information.

MalwareNewsNews BriefsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniukis a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Background-check giant confirms security incident leaked millions of SSNs

August 16, 2024
Next Post

Ransomware attack on Indian payment system traced back to Jenkins bug

August 16, 2024
Related Posts
3 min

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is
Siva Ramakrishnan
info@thehackernews.com (The Hacker News)
September 18, 2024
Read More