- Security researchers from Check Point Research recently discovered a new variant of the Banshee malware.
- The new variant uses encryption that allows it to blend in with regular macOS operations.
- The campaign continued unabated for two months.
Cybersecurity researchers at Check Point Research recently discovered a new version of the Banshee information stealer that can bypass Apple's built-in malware protection to harvest sensitive data.
Banshee is a macOS-focused malware that appeared in mid-2024, designed to extract sensitive information such as system details, browser data, and cryptocurrency wallet information. Initially sold as a service for $3,000 per month, its source code was leaked in November 2024, leading to its wider distribution.
Despite the original operation being shut down, Banshee lived on, with various hacker collectives continuing to develop and distribute it.
Distribution via GitHub
The new version appears to be more dangerous and was most likely built by a different threat actor. According to the researchers, Banshee now uses Apple's XProtect string encryption, which allows it to blend in with the normal operation of the device and avoid detection. XProtect is macOS's built-in antivirus component, which identifies and blocks known malware using regularly updated signature-based detection.
Additionally, it no longer avoids Russian users, which could indicate that it was built by another team. This latest campaign appears to have begun in September 2024 and went unchecked for approximately two months.
Although it is impossible to know exactly how many devices are infected with Banshee, we do know that it is distributed via GitHub repositories. The threat actors pose as legitimate software projects and count on software developers being careless when downloading content from the open source platform.
Check Point claims that the same operators are also preying on Windows users, but through Lumma Stealer and not Banshee. The researchers also pointed out that macOS continues to grow in popularity, becoming an increasingly attractive target.
“Despite its reputation as a secure operating system, the rise of sophisticated threats like Banshee MacOS Stealer highlights the importance of vigilance and proactive cybersecurity measures,” they concluded.
Via BleepingComputer