Today > | 7 High | 22 Medium | 6 Low vulnerabilities   -   You can now download lists of IOCs here!

InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords

Aug. 9, 2024, 12:09 p.m.

Description

This report analyzes a new macOS stealer malware that leverages SwiftUI for password prompts and the OpenDirectory API for verifying captured passwords. It utilizes APIs to evade detection and carries out malicious operations in distinct stages, first executing a Swift-based dropper that displays a fake password prompt to trick users, verifies credentials using the OpenDirectory API, and then downloads and executes malicious scripts from a command-and-control server. The analysis delves into the dropper's functionality, uncovering novel techniques employed by the malware authors.

Date

Published: Aug. 9, 2024, 11:26 a.m.

Created: Aug. 9, 2024, 11:26 a.m.

Modified: Aug. 9, 2024, 12:09 p.m.

Indicators

https://cryptomac.dev/download/grabber.zip

Attack Patterns

CryptoTrade

T1558.001

T1548.001

T1055.001

T1059.005

T1497.001

T1059.001

T1113

T1071.001

T1105

T1027