A new variant of malware called Banshee Stealer, mainly targeting macOS users, has been detected since late last year.
Banshee Stealer can steal browser credentials, cryptocurrency wallets, and other sensitive data without the victim's knowledge. What makes it dangerous is its ability to evade detection, built on a string-encryption algorithm taken from Apple's XProtect.
Although Apple’s macOS is built on Unix-based architecture, it’s not immune to attacks.
Historically, Windows has been considered less secure than macOS, given its larger market share and several other factors.
How Banshee Stealer Was Detected
The Banshee macOS Stealer came to attention in mid-2024 on dark web forums, where it was advertised as "stealer-as-a-service" to support threat actors in their operations against macOS users.
Check Point Research (CPR) had been monitoring the malware for months, and in September it discovered a newer version that had gone undetected for over two months.
The evasion of detection was due to a "stolen" string-encryption algorithm taken from Apple's own XProtect antivirus engine, which replaced the plaintext strings used in earlier versions.
Fortunately, the malware slowed down in November when its source code was leaked on dark web forums.
Why This Matters
The emergence of Banshee Stealer serves as a reminder that no system is entirely secure.
The ability of the malware to exploit the very tools designed to protect users, such as Apple's XProtect, underscores the importance of proactive security measures.
For users, this means regularly updating software, using reputable antivirus programs, and maintaining vigilance against suspicious downloads or emails.
For organizations, it highlights the need for robust endpoint protection and continuous monitoring of potential threats.
As the cybersecurity landscape evolves, staying informed and prepared is essential to mitigating the risks posed by advanced threats like Banshee Stealer.
Source: Check Point