216.73.217.172

InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords

· Published 09/08/2024 11:26 · Modified 09/08/2024 12:09

Export JSON

Essential information

Published
09/08/2024 11:26
Modified
09/08/2024 12:09
Tags
2024-08-09 cryptotrade dropper infostealer macos swiftui
Related entities
1 observables, 10 techniques (mitre), 1 malware

Description

This report analyzes a new stealer malware that leverages for password prompts and the OpenDirectory API for verifying captured passwords. It utilizes APIs to evade detection and carries out malicious operations in distinct stages, first executing a Swift-based that displays a fake password prompt to trick users, verifies credentials using the OpenDirectory API, and then downloads and executes malicious scripts from a command-and-control server. The analysis delves into the 's functionality, uncovering novel techniques employed by the malware authors.

External references