Banshee: there is a new infostealer for attacks on macOS users

Friend

Researchers at Elastic Security Labs have discovered a new macOS malware family that targets browsers, cryptocurrency wallets and more than 100 browser extensions.

The malware, called Banshee Stealer, is sold on underground forums for $3,000 per month of use.

It works on both x86_64 and ARM64 architectures.

Banshee Stealer targets the Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera and OperaGX browsers, the Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger crypto wallets, and about 100 browser extensions.

Once launched, the malware harvests passwords from the iCloud Keychain and the contents of Notes. It also includes several anti-analysis and anti-debugging measures, among them checks at startup for whether it is running inside a virtual machine.

In addition, it calls the CFLocaleCopyPreferredLanguages API and refuses to infect systems where Russian is the primary language.

Like other macOS malware families such as Cuckoo and MacStealer, it uses osascript to display a fake password prompt, tricking the user into entering their system password, which the stealer then uses to elevate privileges.
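The osascript fake-prompt technique is easy to hunt for in process telemetry. As an added example (not code from the post or from Elastic Security Labs), the following Python detector runs over constructed process-start events. The page does not show Banshee's exact command line, so the rule keys on the generic building blocks of the technique: osascript running a `display dialog` with `with hidden answer` (which turns the dialog's text field into a password field), raised to high severity when the parent binary lives outside the usual system or application paths or when the dialog text impersonates macOS. The event field names, the trusted-path list and the sample events are assumptions for the example.

```python
import os
import re
import shlex
from typing import Dict, List, Optional

# Constructed sample process-start events (not real telemetry from the post or
# from Elastic): one dict per process, in the shape an EDR or unified-log
# collector might emit. Field names are an assumption for this example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # Benign automation: no dialog at all.
    {"pid": "412", "parent": "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder",
     "cmdline": "/usr/bin/osascript -e 'tell application \"Finder\" to get name of startup disk'"},
    # Stealer-style prompt: OS-themed text, hidden (password) field, launched from Downloads.
    {"pid": "517", "parent": "/Users/demo/Downloads/Installer",
     "cmdline": "/usr/bin/osascript -e 'display dialog \"macOS needs your password to update\" "
                "default answer \"\" with icon caution with title \"System Preferences\" with hidden answer'"},
    # Benign notification: 'display notification' is not a credential prompt.
    {"pid": "633", "parent": "/Applications/Xcode.app/Contents/MacOS/Xcode",
     "cmdline": "osascript -e 'display notification \"Build finished\" with title \"CI\"'"},
    # Stealer-style prompt from a hidden temp file, reading the typed text back.
    {"pid": "702", "parent": "/tmp/.x",
     "cmdline": "/usr/bin/osascript -e 'display dialog \"Enter password\" default answer \"\" with hidden answer' "
                "-e 'text returned of result'"},
    # An installed app asking for its own passphrase: worth a look, lower priority.
    {"pid": "811", "parent": "/Applications/BackupTool.app/Contents/MacOS/BackupTool",
     "cmdline": "osascript -e 'display dialog \"Archive passphrase\" default answer \"\" with hidden answer'"},
]

# 'with hidden answer' makes the dialog's text field a password field, so a
# 'display dialog' that uses it is a credential prompt by construction.
HIDDEN_ANSWER = re.compile(r"\bdisplay\s+dialog\b.*?\bwith\s+hidden\s+answer\b", re.IGNORECASE | re.DOTALL)
# Wording that impersonates the operating system rather than the calling app.
SYSTEM_THEMED = re.compile(r"password|keychain|system preferences|macos|update", re.IGNORECASE)
# Assumed "trusted" parent locations; tune for the fleet being monitored.
TRUSTED_PARENT_PREFIXES = ("/System/", "/usr/", "/Applications/")


def osascript_sources(cmdline: str) -> List[str]:
    """Return the inline AppleScript snippets (every -e argument) of an osascript command line, else []."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: nothing we can reason about
        return []
    if not argv or os.path.basename(argv[0]) != "osascript":
        return []
    return [argv[i + 1] for i, arg in enumerate(argv) if arg == "-e" and i + 1 < len(argv)]


def classify(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Flag an osascript credential prompt; return None if the event is not one."""
    script = "\n".join(osascript_sources(event["cmdline"]))
    if not HIDDEN_ANSWER.search(script):
        return None
    untrusted = not event["parent"].startswith(TRUSTED_PARENT_PREFIXES)
    impersonates_os = bool(SYSTEM_THEMED.search(script))
    severity = "high" if (untrusted or impersonates_os) else "medium"
    reason = "osascript password dialog"
    if untrusted:
        reason += " from untrusted parent"
    if impersonates_os:
        reason += " with OS-themed text"
    return {"pid": event["pid"], "parent": event["parent"], "severity": severity, "reason": reason}


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify over a batch of events and return the alerts in input order."""
    return [alert for alert in (classify(e) for e in events) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] pid {alert['pid']} ({alert['parent']}): {alert['reason']}")
```

Against the sample events the scan raises high-severity alerts for pids 517 and 702 and a medium one for 811, and ignores the two benign osascript runs. In production the same logic would sit on the process-execution stream of an EDR or on `log stream` output, and the parent-path allowlist would be replaced by code-signing checks.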

Other notable features include the collection of files with the txt, docx, rtf, doc, wallet, keys and key extensions from the Desktop and Documents folders.

The collected data is packed into a ZIP archive and exfiltrated to a remote server (45.142.122[.]92/send/).

With macOS increasingly in the crosshairs of cybercriminals, Banshee Stealer illustrates the growing market for malware built specifically for Apple systems.