"New Banshee Stealer macOS Malware Priced at $3,000 Per Month"

Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems. The malware, called Banshee Stealer, is believed to have been developed by Russian threat actors and is advertised on cybercrime forums for $3,000 per month. Researchers at Elastic Security Labs analyzed the malware and noted that it is designed to collect the targeted user’s macOS password, information about the system’s hardware and software, keychain passwords, data from web browsers, and cryptocurrency wallets. Banshee Stealer can target nine browsers: Chrome, Firefox, Brave, Edge, Vivaldi, Yandex, Opera, OperaGX, and Safari. It can generally steal cookies, logins, and browsing history, but only cookies can be collected from Safari. The researchers also found that the malware targets data from roughly 100 browser plugins. It also attempts to steal cryptocurrency wallets from the compromised system, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger.

Once the data is collected locally, it’s added to an archive file, which is encrypted and sent to the attacker’s server. Before initiating its data theft routine, Banshee Stealer checks the system for signs that it’s being analyzed by security researchers (it checks whether it’s being debugged or run in a virtual machine) and ensures that the compromised system’s language is not set to Russian. The researchers noted that the methods used for detection evasion are basic, and Banshee Stealer can still be analyzed by advanced sandboxes and malware analysts.

 

SecurityWeek reports: "New Banshee Stealer macOS Malware Priced at $3,000 Per Month"

Submitted by Adam Ekwall on