Security researchers have discovered a newly developed malware for macOS that can be used to attack over 100 browser extensions installed on a target Mac.
Apple strives to make macOS and other operating systems as secure as possible. While we do our best to protect ourselves from third-party malware, browser extensions are always a weak point.
The malware, called Banshee Stealer, does not directly attack macOS itself, but rather third-party software installed on macOS, Elastic Security Labs explained Thursday, as reported by Hacker News. This includes a variety of browsers including Safari, Chrome, Firefox, Brave, Edge, Vivaldi, and Opera.
It also targets cryptocurrency wallets and over 100 browser extensions installed on those browsers, making it a “highly versatile and dangerous threat,” according to Elastic Security Labs.
Since the main task of this malware is to collect and steal data, it is also capable of collecting information about the system itself along with keychain passwords. Data can also be obtained from various file types stored on the desktop and in the Documents folder.
It also has features to avoid detection in the first place. It can detect if it is running in a virtual environment and uses APIs to avoid infecting Macs if Russian is the default language.
During the installation process, the malware uses scripts to show the user a fake password prompt, in an attempt to escalate privileges.
“As macOS becomes an increasingly popular target for cybercriminals, Banshee Stealer demonstrates the rise of macOS-specific malware,” the researchers added.
It’s unclear how widely this malware has been used, but its creators seem to view it as a high-quality tool for cybercriminals. In one forum screenshot, the seller of the tool was charging $3,000 per month for access.
For macOS users, there are no specific guidelines to help with this particular attack vector, other than good computing hygiene. Many users would be much better off if they made sure their downloads came from legitimate sources, were wary of unexpected email attachments, and were more thoughtful about what they install.