New infostealer targets macOS devices, appears to have Russian links
Researchers have discovered new information-stealing malware labeled Banshee Stealer that is designed to breach Apple computers.
The malicious code was first spotted earlier in August and was reportedly developed by a threat actor who uses the Russian language on their Telegram channel and avoids targeting systems based in Russia. The malware is available as a service for $3,000 a month.
Researchers at the cybersecurity firm Elastic said that while Banshee Stealer is not “overly complex” in its design, its focus on macOS systems and the variety of data it collects “make it a significant threat.”
Elastic did not respond to questions on Friday about how the malware is delivered to targeted computers. The report does not specify how many cybercriminals, if any, have used the malware in the wild and whether their attacks were successful.
Banshee Stealer can collect user passwords and files from the “Desktop” and “Documents” folders, as well as browser history, cookies, and logins from nine different browsers, including Chrome, Firefox, Edge, and Opera. For Apple’s browser, Safari, the malware can only collect cookies.
Using Banshee Stealer, cybercriminals can also gain access to victims' cryptocurrency wallets, including Wasabi Wallet, Exodus, and Ledger. After the malware finishes collecting data, it compresses the temporary folder into a ZIP archive and encrypts it, researchers said.
The $3,000 monthly price is notably high compared to Windows-based stealers. By comparison, another popular stealer, AgentTesla, costs nearly $50 a month. The high price of Banshee Stealer is likely linked to the growing interest in macOS-specific malicious tools among cybercriminals, according to the report.
“Despite its potentially dangerous capabilities, the malware's lack of sophisticated obfuscation and the presence of debug information make it easier for analysts to dissect and understand,” Elastic said. And yet, this malware “presents a severe risk to macOS users,” as it targets vital system information.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.