A new wave of the Odyssey Stealer malware is aggressively targeting macOS users across more than 100 countries, aiming to harvest sensitive information such as credentials, browsing data, and cryptocurrency assets. This campaign employs deceptive tactics, including fake software updates and social engineering lures, to trick users into executing malicious commands.
Once activated, Odyssey Stealer operates stealthily, scanning infected systems for valuable data and transmitting it to attacker-controlled servers. The malware’s reach is extensive, affecting individuals, investors, and corporate Mac users alike. Its capabilities extend beyond typical browser-focused infections, enabling it to collect passwords, cookies, and autofill data from a wide range of browsers, including Chrome, Brave, Edge, Vivaldi, Opera, Arc, Firefox, and Waterfox.
Comprehensive Data Harvesting
Odyssey Stealer’s data collection is not limited to browser information. It also targets cryptocurrency wallet extensions, seeking out approximately 300 different IDs to access browser-based wallets. Additionally, the malware searches for wallet files associated with 16 desktop cryptocurrency applications, such as Electrum, Exodus, Ledger Live, Trezor Suite, Bitcoin Core, Litecoin Core, Dash Core, and Monero. This broad targeting strategy puts both software and hardware wallet users at significant risk.
Beyond financial data, the malware harvests SSH keys and configuration data for cloud services like AWS, Google Cloud, Azure, and Docker. It also collects FileZilla logins, Keychain database contents, Telegram and Discord information, shell history, and locally retrievable passwords. This extensive data collection provides attackers with multiple avenues to exploit compromised systems further.
Persistence Mechanisms
To maintain its presence on infected systems, Odyssey Stealer installs a persistent LaunchDaemon, a system component that allows programs to start automatically. This persistence mechanism ensures the malware can continue its data collection activities even after a system reboot, without requiring the user to reopen the initial malicious lure.
The resurgence of Odyssey Stealer underscores the evolving threats facing macOS users. As attackers refine their methods, it’s crucial for individuals and organizations to remain vigilant. Regularly updating software, verifying the authenticity of downloads, and exercising caution with unsolicited prompts can help mitigate the risk of infection. Additionally, employing comprehensive security solutions and educating users about social engineering tactics are essential steps in defending against such sophisticated malware campaigns.