How to remove BeaverTail from the infected macOS system

Mac Virus

Also Known As: BeaverTail stealer

To use full-featured product, you have to purchase a license for Combo Cleaner. Seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

What kind of malware is BeaverTail?

BeaverTail is an information stealer targeting macOS users. Cybercriminals distribute it via a fake website hosting an application mimicking a legitimate service. In addition to stealing information, BeaverTail downloads additional malware that operates as a backdoor. Thus, BeaverTail should be removed from infected systems immediately to avoid potential consequences.

BeaverTail malware overview

BeaverTail is malware that targets sensitive data stored within cryptocurrency wallets and credit card information saved in web browsers. By targeting cryptocurrency wallets, BeaverTail aims to steal private keys or other credentials necessary for transactions. This allows cybercriminals to steal cryptocurrency from victims.

Also, BeaverTail can locate and extract credit card numbers, expiration dates, and security codes stored in web browsers. This data theft can lead to financial fraud, unauthorized transactions, and challenges in recovering losses or securing affected accounts. In addition to stealing the aforementioned info, BeaverTail can drop other malware known as InvisibleFerret.

InvisibleFerret is a Python-based backdoor malware. This backdoor is capable of logging keystrokes and extracting sensitive information. This means it can covertly capture keystrokes entered by victims, including sensitive information such as login credentials, ID card information, social security numbers, credit card details, and other confidential data.

Its data exfiltration functionality allows malicious actors to transfer stolen information from the compromised system to remote servers controlled by the attackers. Also, this malware can download and execute files, potentially other malicious software. Moreover, it steals data from the macOS keychain and local state files for Chrome, Opera, Brave, and possibly other browsers.

Overall, having a computer infected with BeaverTail can lead to financial loss, identity theft, additional infections, and possibly other negative consequences.

Threat Summary:

Name: BeaverTail stealer
Threat Type: Information Stealer, Loader, Mac malware, Mac virus
Detection Names: Avast (MacOS:Stealer-AS [Trj]), Combo Cleaner (Trojan.GenericKD.73508796), ESET-NOD32 (OSX/NukeSped.AN), Kaspersky (HEUR:Trojan-PSW.OSX.BeaverTail.gen), Full List Of Detections (VirusTotal)
Symptoms: A program that you do not recall installing suddenly appeared on your computer.
Distribution Methods: Fake MiroTalk application, deceptive website
Damage: Monetary loss, identity theft, additional infections, and possibly other damage.
Malware Removal (Windows): To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.

Information stealers in general

Information stealers are designed to secretly gather sensitive data from infected systems. They typically target personal and financial information such as login credentials, credit card details, social security numbers, and other sensitive data stored on computers. Information stealers are often capable of evading detection by antivirus software and security measures.

Some examples of other information stealers targeting macOS systems are ROD Stealer, Poseidon Stealer, and PureLand Stealer.

How did malware infect my computer?

BeaverTail masquerades as a legitimate browser-based video call service named MiroTalk. It is distributed via a macOS disk image (the legitimate MiroTalk service does not require an app download). Victims are lured into downloading this malicious software from a fake website resembling the legitimate MiroTalk service. Once downloaded and executed, BeaverTail infiltrates the system.

Other malware distribution methods include sending malicious links or files via email, compromising legitimate pages, crafting malicious advertisements, exploiting software vulnerabilities, hiding malware in pirated software (or cracking tools), infecting USB drives, and utilizing P2P networks (and similar channels).

How to avoid installation of malware?

Always use official websites and app stores when downloading software. Avoid sources such as P2P networks, questionable websites, third-party downloaders, and unofficial app stores. Do not click advertisements, pop-ups, buttons, or links on dubious web pages. Regularly update the operating system and installed applications.

Do not open links or attachments in suspicious emails from unknown addresses. Never download pirated software, cracking tools, or key generators. Also, use reputable security software. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.

[Screenshot: malicious DMG file masquerading as MiroTalk installer]

[Screenshot: fake MiroTalk application]

Update 7 April 2025: Recently, threat actors have escalated their campaign by releasing more malicious npm packages that deliver BeaverTail malware, along with new tools to load remote access trojans (RATs). A key change in their tactics is the use of hexadecimal string encoding.

This technique helps attackers avoid detection by automated systems and manual checks, making it harder to spot the malicious code. They continue creating new npm accounts to spread their harmful code on platforms like npm, GitHub, and Bitbucket.
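
As an added example (not from the original article and not taken from any analyzed sample), the sketch below shows one way a reviewer could surface hex-encoded strings in a package's JavaScript before installing it. It assumes the encoding appears as hex-pair string literals or \x escapes; the keyword list, the sample lines, and the `decode` helper name in them are constructed for illustration.

```javascript
// Added example: flag string literals in JavaScript source that are hex-encoded
// text. The keyword list below is an assumption chosen for illustration.
const SUSPICIOUS = [/^require$/, /^child_process$/, /^eval$/, /^exec(Sync)?$/,
                    /^https?:\/\//i, /^(fs|os|axios|request)$/];

// Decode "72657175697265" -> "require"; null unless every byte is printable ASCII.
function decodeHexPairs(hex) {
  if (hex.length < 4 || hex.length % 2 !== 0 || !/^[0-9a-fA-F]+$/.test(hex)) return null;
  let out = "";
  for (let i = 0; i < hex.length; i += 2) {
    const code = parseInt(hex.slice(i, i + 2), 16);
    if (code < 0x20 || code > 0x7e) return null; // e.g. "c0ffee" is not text
    out += String.fromCharCode(code);
  }
  return out;
}

// Decode a literal written entirely as \xNN escapes in the source text.
function decodeHexEscapes(body) {
  if (!/^(\\x[0-9a-fA-F]{2}){2,}$/.test(body)) return null;
  return decodeHexPairs(body.replace(/\\x/g, ""));
}

// Return one finding per string literal that decodes to readable text.
function scanSource(source) {
  const findings = [];
  const literal = /(["'`])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  source.split("\n").forEach((text, idx) => {
    for (const m of text.matchAll(literal)) {
      const decoded = decodeHexPairs(m[2]) ?? decodeHexEscapes(m[2]);
      if (decoded === null) continue;
      findings.push({ line: idx + 1, encoded: m[2], decoded,
                      suspicious: SUSPICIOUS.some((re) => re.test(decoded)) });
    }
  });
  return findings;
}

// Constructed sample input (not real malware); `decode` is a hypothetical helper name.
const SAMPLE = [
  'const m = [decode("72657175697265"), decode("6368696c645f70726f63657373")];',
  'const u = decode("687474703a2f2f6578616d706c652e696e76616c69642f78");',
  'const color = "c0ffee"; const name = "\\x65\\x76\\x61\\x6c";',
].join("\n");

console.log(scanSource(SAMPLE));
```

Findings marked `suspicious` deserve a manual look first; other decodable literals are reported too, since a short keyword list will not cover every hidden string.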

Unwanted software removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Frequently Asked Questions (FAQ)

My computer is infected with BeaverTail malware, should I format my storage device to get rid of it?

It is recommended to use tools like Combo Cleaner for malware removal. Formatting a storage device deletes all data stored on it. Thus, it should be done only if nothing else works.

What are the biggest issues that malware can cause?

Malware can cause damage such as identity theft, monetary loss, theft of personal accounts, additional infections, slow computer performance, data encryption, and other issues.

What is the purpose of BeaverTail malware?

BeaverTail steals data from crypto wallets and credit card details from browsers. It can also download malware that logs keystrokes and performs other malicious actions.

How did BeaverTail malware infiltrate my computer?

BeaverTail disguises itself as MiroTalk, a genuine browser-based video call service, using a macOS disk image. Victims are tricked into downloading it from a fake website resembling the legitimate MiroTalk. Upon installation, BeaverTail infiltrates the system.

Will Combo Cleaner protect me from malware?

Combo Cleaner can effectively detect and remove nearly all recognized malware infections. However, sophisticated malware often embeds itself deeply within the system, necessitating a full system scan for detection and removal.

Tomas Meskauskas

Expert security researcher, professional malware analyst

I am passionate about computer security and technology. I have over 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats.
