: It extracts saved passwords, cookies, and credit card information from Chrome, Firefox, and Safari.
: A user downloads the .zip file believing it contains a legitimate prize or utility. Hoobamon_Reward_96.zip
: It searches for sensitive documents, Keychain data, and desktop files. : It extracts saved passwords, cookies, and credit
Once authorized, the script inside the archive begins a rapid "harvesting" process: : It extracts saved passwords
: It specifically targets browser extensions for cryptocurrency wallets like MetaMask and Coinbase.