Found 15 bookmarks
Custom sorting
Banshee: The Stealer That "Stole Code" From MacOS XProtect
Banshee: The Stealer That "Stole Code" From MacOS XProtect
Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users. This new version had been undetected for over two months until the original version of Banshee Stealer was leaked on XSS forums, which resembled similarities with the malware’s core functionality. One notable difference between the leaked source code and the version discovered by Check Point Research is the use of a string encryption algorithm. This algorithm is the same as Apple uses in its Xprotect antivirus engine for MacOS. One method of distributing Banshee Stealer involved malicious GitHub repositories, targeting Windows users with Lumma Stealer and macOS users with Banshee Stealer. Banshee operated as a ‘stealer-as-a-service’, priced at $3,000, and was advertised through Telegram and forums such as XSS and Exploit. On November 23, 2024, the malware’s source code was leaked, leading the author to shut down the operations the following day. Despite shutting down the operation, threat actors continue to distribute the new version of Banshee via phishing websites.
#checkpoint#EN#2025#macOS#Banshee#XProtect#stealer#undetected
·research.checkpoint.com·
Banshee: The Stealer That "Stole Code" From MacOS XProtect
Malicious Python Package Targets macOS Developers
Malicious Python Package Targets macOS Developers
  • A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation. The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data. The harvested credentials are sent to a remote server.
#checkmarx#EN#2024#macOS#stealer#Supply-chain-attack#PyPI#pypi-malware#lr-utils-lib#developpers
·checkmarx.com·
Malicious Python Package Targets macOS Developers
Mac users targeted in new malvertising campaign delivering Atomic Stealer
Mac users targeted in new malvertising campaign delivering Atomic Stealer
  • Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple * The payload is a new version of the recent Atomic Stealer for OSX
#malwarebytes#EN#2023#macos#AtomicStealer#stealer#tradingview
·malwarebytes.com·
Mac users targeted in new malvertising campaign delivering Atomic Stealer
MacStealer: New macOS-based Stealer Malware Identified
MacStealer: New macOS-based Stealer Malware Identified
Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2). And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram. We’ve dubbed it MacStealer.
#Uptycs#EN#2023#macOS#C2#stealer#MacStealer#Telegram
·uptycs.com·
MacStealer: New macOS-based Stealer Malware Identified
MacStealer: New macOS-based Stealer Malware Identified
MacStealer: New macOS-based Stealer Malware Identified
Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2). And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram. We’ve dubbed it MacStealer.
#Uptycs#EN#2023#macOS#C2#stealer#MacStealer#Telegram
·uptycs.com·
MacStealer: New macOS-based Stealer Malware Identified