InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

This report analyzes a new macOS stealer that uses SwiftUI to display password prompts and the OpenDirectory API to verify the passwords it captures. The malware relies on these native APIs to evade detection and runs in distinct stages: a Swift-based dropper first displays a fake password prompt to trick the user, verifies the entered credentials through the OpenDirectory API, and then downloads and executes malicious scripts from a command-and-control server. The analysis examines the dropper's functionality and documents the novel techniques employed by the malware authors.

OPENCTI LABELS:

macos,infostealer,dropper,swiftui,cryptotrade
