New infostealer targets macOS devices, appears to have Russian links

Avatar

Researchers have discovered new information-stealing malware labeled Banshee Stealer that is designed to breach Apple computers.

The malicious code was first spotted earlier in August and was reportedly developed by a threat actor who uses the Russian language on their Telegram channel and avoids targeting systems based in Russia. The malware is available as a service for $3,000 a month.

Researchers at the cybersecurity firm Elastic said that while Banshee Stealer is not “overly complex” in its design, its focus on macOS systems and the variety of data it collects “make it a significant threat.”

Elastic did not respond to questions on Friday about how the malware is delivered to targeted computers. The report does not specify how many cybercriminals, if any, have used the malware in the wild and whether their attacks were successful. 

Banshee Stealer can collect user passwords, and files from the “Desktop” and “Documents” folders, as well as browser history, cookies, and logins from nine different browsers, including Chrome, Firefox, Edge, and Opera. For Apple’s browser, Safari, the malware can only collect cookies.

Using Banshee Stealer, cybercriminals can also gain access to victims’ cryptocurrency wallets, including Wasabi Wallet, Exodus, and Ledger. After the malware finishes collecting data, it ZIP compresses the temporary folder and encrypts it, researchers said. 

The $3,000 monthly price is notably high compared to Windows-based stealers. By comparison, another popular stealer, AgentTesla, costs nearly $50 a month. The high price of Banshee Stealer is likely linked to the growing interest in macOS-specific malicious tools among cybercriminals, according to the report. 

“Despite its potentially dangerous capabilities, the malware’s lack of sophisticated obfuscation and the presence of debug information make it easier for analysts to dissect and understand,” Elastic said. And yet, this malware “presents a severe risk to macOS users,” as it targets vital system information.

MalwareNewsNews BriefsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniukis a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Background-check giant confirms security incident leaked millions of SSNs

Next Post

Ransomware attack on Indian payment system traced back to Jenkins bug

Related Posts

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management
Avatar
Read More