The new Banshee Stealer targets more than 100 browser extensions on Apple macOS systems

16 August 2024 2 minutes Author: Newsman

On August 16, 2024, cybersecurity researchers discovered a new malware called Banshee Stealer that specifically targets Apple macOS systems. This malware is extremely dangerous as it can steal data from a wide range of browsers, cryptocurrency wallets and over 100 browser extensions.

Banshee Stealer, which is offered to the cybercriminal community at a price of $3,000 per month, is a versatile and dangerous threat for macOS. It targets browsers such as Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, and crypto wallets such as Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger. The malware is also capable of collecting system information, passwords and notes from iCloud Keychain. Banshee Stealer includes a number of anti-analysis and anti-debugging measures that allow it to avoid detection in virtual environments. To avoid infecting systems where Russian is the primary language, the malware uses the CFLocaleCopyPreferredLanguages API.

Banshee Stealer uses osascript to display a fake password prompt to trick users into entering system passwords for elevation of privilege. In addition, it collects data from files with extensions .txt, .docx, .rtf, .doc, .wallet, .keys and .key from the Desktop and Documents folders, which are then exfiltrated in ZIP format to a remote server. This malware highlights the growing popularity of macOS among cybercriminals, especially after the emergence of other malware such as Cuckoo and MacStealer.
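One way a defender could hunt for the osascript password prompt described above, as an added example that is not part of the original article: it scans process-execution events for osascript dialogs that request masked input and reports which process launched them. The key=value log format, the sample events and the trusted-path severity heuristic are constructed assumptions.

```python
import re

# Constructed process-execution events in a hypothetical key=value log format.
SAMPLE_EVENTS = """\
pid=410 ppid=1 exe=/Applications/Safari.app/Contents/MacOS/Safari args=Safari
pid=902 ppid=1 exe=/Users/a/Downloads/Setup.app/Contents/MacOS/Setup args=Setup
pid=903 ppid=902 exe=/usr/bin/osascript args=osascript -e 'display dialog "Enter your password" default answer "" with hidden answer'
pid=950 ppid=410 exe=/usr/bin/osascript args=osascript -e 'display notification "Download finished"'
pid=951 ppid=902 exe=/usr/bin/osascript args=osascript -e 'display dialog "Installation complete"'
"""

LINE_RE = re.compile(r"pid=(\d+) ppid=(\d+) exe=(\S+) args=(.*)")
# Assumption: software launched from these prefixes is less likely to be a dropped binary.
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/usr/")


def parse_events(text):
    """Index events by pid so each finding can be tied back to its parent."""
    events = {}
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            pid, ppid, exe, args = m.groups()
            events[int(pid)] = {"pid": int(pid), "ppid": int(ppid), "exe": exe, "args": args}
    return events


def is_hidden_answer_prompt(event):
    """True for osascript dialogs that ask for masked text input."""
    if not event["exe"].endswith("/osascript"):
        return False
    script = " ".join(event["args"].lower().split())  # normalise case and whitespace
    return "display dialog" in script and "hidden answer" in script


def find_password_prompts(text):
    """Return one finding per masked-input dialog, with the launching process."""
    events = parse_events(text)
    findings = []
    for ev in events.values():
        if not is_hidden_answer_prompt(ev):
            continue
        parent = events.get(ev["ppid"])
        parent_exe = parent["exe"] if parent else None
        trusted = bool(parent_exe) and parent_exe.startswith(TRUSTED_PREFIXES)
        findings.append({"pid": ev["pid"], "parent_exe": parent_exe,
                         "severity": "medium" if trusted else "high"})
    return findings
```

Ordinary dialogs and notifications are ignored; only the masked-input dialog is reported, and it is rated higher when its parent runs from outside the listed system and application paths.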

With the growing number of threats like Banshee Stealer, macOS users should be extra careful when dealing with suspicious files and programs. Cybercriminals continue to develop new methods to steal data, making it important to maintain the highest standards of cybersecurity.
