New infostealer targets macOS devices, appears to have Russian links

Avatar

Researchers have discovered new information-stealing malware labeled Banshee Stealer that is designed to breach Apple computers.

The malicious code was first spotted earlier in August and was reportedly developed by a threat actor who uses the Russian language on their Telegram channel and avoids targeting systems based in Russia. The malware is available as a service for $3,000 a month.

Researchers at the cybersecurity firm Elastic said that while Banshee Stealer is not “overly complex” in its design, its focus on macOS systems and the variety of data it collects “make it a significant threat.”

Elastic did not respond to questions on Friday about how the malware is delivered to targeted computers. The report does not specify how many cybercriminals, if any, have used the malware in the wild and whether their attacks were successful. 

Banshee Stealer can collect user passwords, and files from the “Desktop” and “Documents” folders, as well as browser history, cookies, and logins from nine different browsers, including Chrome, Firefox, Edge, and Opera. For Apple’s browser, Safari, the malware can only collect cookies.

Using Banshee Stealer, cybercriminals can also gain access to victims’ cryptocurrency wallets, including Wasabi Wallet, Exodus, and Ledger. After the malware finishes collecting data, it ZIP compresses the temporary folder and encrypts it, researchers said. 

The $3,000 monthly price is notably high compared to Windows-based stealers. By comparison, another popular stealer, AgentTesla, costs nearly $50 a month. The high price of Banshee Stealer is likely linked to the growing interest in macOS-specific malicious tools among cybercriminals, according to the report. 

“Despite its potentially dangerous capabilities, the malware’s lack of sophisticated obfuscation and the presence of debug information make it easier for analysts to dissect and understand,” Elastic said. And yet, this malware “presents a severe risk to macOS users,” as it targets vital system information.

MalwareNewsNews BriefsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniukis a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Background-check giant confirms security incident leaked millions of SSNs

Next Post

Ransomware attack on Indian payment system traced back to Jenkins bug

Related Posts

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically
Avatar
Read More