
How to remove BeaverTail from an infected macOS system

Also Known As: BeaverTail stealer
Type: Mac Virus
Damage level: Severe

What kind of malware is BeaverTail?

BeaverTail is an information stealer targeting macOS users. Cybercriminals distribute it via a fake website hosting an application mimicking a legitimate service. In addition to stealing information, BeaverTail downloads additional malware that operates as a backdoor. Thus, BeaverTail should be removed from infected systems immediately to avoid potential consequences.


BeaverTail malware overview

BeaverTail is malware that targets sensitive data stored within cryptocurrency wallets and credit card information saved in web browsers. By targeting cryptocurrency wallets, BeaverTail aims to steal private keys or other credentials necessary for transactions. This allows cybercriminals to steal cryptocurrency from victims.

Also, BeaverTail can locate and extract credit card numbers, expiration dates, and security codes stored in web browsers. This data theft can lead to financial fraud, unauthorized transactions, and challenges in recovering losses or securing affected accounts. In addition to stealing the aforementioned info, BeaverTail can drop other malware known as InvisibleFerret.

InvisibleFerret is a Python-based backdoor malware. This backdoor is capable of logging keystrokes and extracting sensitive information. This means it can covertly capture keystrokes entered by victims, including sensitive information such as login credentials, ID card information, social security numbers, credit card details, and other confidential data.

Its data exfiltration functionality allows malicious actors to transfer stolen information from the compromised system to remote servers controlled by the attackers. Also, this malware can download and execute files, potentially other malicious software. Moreover, it steals data from the macOS keychain and local state files for Chrome, Opera, Brave, and possibly other browsers.

Overall, having a computer infected with BeaverTail can lead to financial loss, identity theft, additional infections, and possibly other negative consequences.

Threat Summary:
Name: BeaverTail stealer
Threat Type: Information Stealer, Loader, Mac malware, Mac virus
Detection Names: Avast (MacOS:Stealer-AS [Trj]), Combo Cleaner (Trojan.GenericKD.73508796), ESET-NOD32 (OSX/NukeSped.AN), Kaspersky (HEUR:Trojan-PSW.OSX.BeaverTail.gen), Full List Of Detections (VirusTotal)
Symptoms: A program that you do not recall installing suddenly appeared on your computer.
Distribution Methods: Fake MiroTalk application, deceptive website
Damage: Monetary loss, identity theft, additional infections, and possibly other damage.
Malware Removal (Mac): To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
To use the full-featured product, you have to purchase a license for Combo Cleaner. A limited seven-day free trial is available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.

Information stealers in general

Information stealers are designed to secretly gather sensitive data from infected systems. They typically target personal and financial information such as login credentials, credit card details, social security numbers, and other sensitive data stored on computers. Information stealers are often capable of evading detection by antivirus software and security measures.

Some examples of other information stealers targeting macOS systems are ROD Stealer, Poseidon Stealer, and PureLand Stealer.

How did malware infect my computer?

BeaverTail masquerades as a legitimate browser-based video call service named MiroTalk. It is distributed via a macOS disk image (the legitimate MiroTalk service does not require an app download). Victims are lured into downloading this malicious software from a fake website resembling the legitimate MiroTalk service. Once downloaded and executed, BeaverTail infiltrates the system.

Other malware distribution methods include sending malicious links or files via email, compromising legitimate pages, crafting malicious advertisements, exploiting software vulnerabilities, hiding malware in pirated software (or cracking tools), infecting USB drives, and utilizing P2P networks (and similar channels).

How to avoid installation of malware?

Always use official websites and app stores when downloading software. Avoid using sources like P2P networks, questionable websites, third-party downloaders, unofficial app stores, etc. Do not click advertisements, pop-ups, buttons, and links on dubious web pages. Regularly update the operating system and installed applications.

Do not open links and attachments in suspicious emails from unknown addresses. Never download pirated software, cracking tools, or key generators. Also, use reputable security software. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate all threats.

[Screenshot: malicious DMG file masquerading as the MiroTalk installer]

[Screenshot: fake MiroTalk application]



Unwanted software removal:

Remove potentially unwanted applications from your "Applications" folder:


Click the Finder icon. In the Finder window, select "Applications". In the Applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
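The manual review described above can be scripted. The following is an added example, not part of the original guide: it lists app bundles and disk images in common folders, reads each bundle's Info.plist, and flags items that carry the MiroTalk name (the article notes the real service needs no app download) or that arrived recently. The folder list, the 30-day window, and all function names are assumptions made for illustration.

```python
import plistlib
import time
from pathlib import Path

# Assumption drawn from the article: the real MiroTalk runs in the browser,
# so a local app bundle or disk image carrying its name deserves a look.
LURE_NAMES = ("mirotalk",)
DEFAULT_ROOTS = [Path("/Applications"), Path.home() / "Applications",
                 Path.home() / "Downloads", Path.home() / "Desktop"]
PLIST_KEYS = ("CFBundleName", "CFBundleIdentifier", "CFBundleExecutable")


def read_bundle_info(app):
    """Return selected Info.plist values, or {} if the plist is missing or malformed."""
    try:
        with open(app / "Contents" / "Info.plist", "rb") as fh:
            plist = plistlib.load(fh)
        return {key: str(plist.get(key, "")) for key in PLIST_KEYS}
    except Exception:  # a damaged bundle must not abort the scan
        return {}


def scan(roots=DEFAULT_ROOTS, recent_days=30, now=None):
    """List .app bundles and .dmg images directly under roots, with review flags."""
    now = time.time() if now is None else now
    findings = []
    for root in roots:
        try:
            entries = sorted(Path(root).iterdir())
        except OSError:  # missing folder, or Terminal lacks access to it
            continue
        for item in entries:
            suffix = item.suffix.lower()
            if suffix not in (".app", ".dmg"):
                continue
            info = read_bundle_info(item) if suffix == ".app" else {}
            haystack = " ".join([item.name, *info.values()]).lower()
            age_days = (now - item.lstat().st_mtime) / 86400
            findings.append({
                "path": str(item),
                "bundle_id": info.get("CFBundleIdentifier", ""),
                "lure_name": any(name in haystack for name in LURE_NAMES),
                "recent": age_days <= recent_days,  # mtime as a rough install date
            })
    return findings


if __name__ == "__main__":
    for f in scan():
        if f["lure_name"] or f["recent"]:
            tag = "LURE-NAME" if f["lure_name"] else "recent"
            print(f"[{tag}] {f['path']}  {f['bundle_id']}")
```

A flagged item is a prompt for review, not a verdict: a name match or a recent modification time only narrows down which bundles to inspect before dragging anything to the Trash.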

Frequently Asked Questions (FAQ)

My computer is infected with BeaverTail malware, should I format my storage device to get rid of it?

It is recommended to use tools like Combo Cleaner for malware removal. Formatting a storage device deletes all data stored on it. Thus, it should be done only if nothing else works.

What are the biggest issues that malware can cause?

Malware can cause damage such as identity theft, monetary loss, theft of personal accounts, additional infections, slow computer performance, data encryption, and other issues.

What is the purpose of BeaverTail malware?

BeaverTail steals data from crypto wallets and credit card details from browsers. It can also download malware that logs keystrokes and performs other malicious actions.

How did BeaverTail malware infiltrate my computer?

BeaverTail disguises itself as MiroTalk, a genuine browser-based video call service, using a macOS disk image. Victims are tricked into downloading it from a fake website resembling the legitimate MiroTalk. Upon installation, BeaverTail infiltrates the system.

Will Combo Cleaner protect me from malware?

Combo Cleaner can effectively detect and remove nearly all recognized malware infections. However, sophisticated malware often embeds itself deeply within the system, necessitating a full system scan for detection and removal.


About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have over 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats.

The PCrisk security portal is brought to you by the company RCS LT. The joined forces of security researchers help educate computer users about the latest online security threats.
