A new variant of the Banshee malware has been discovered, putting the online security of 100 million macOS users at risk. The new malware variant was detected by security researchers at Check Point Research, who claim that Banshee is being used to steal macOS users’ browser credentials, cryptocurrency wallets and other sensitive data.
In a blog post discussing the severity of the threat posed by Banshee, Check Point Research said, “This stealthy malware doesn’t just infiltrate; it operates undetected, blending seamlessly with normal system processes while stealing browser credentials, cryptocurrency wallets, user passwords, and sensitive file data. What makes Banshee truly alarming is its ability to evade detection.”
“Even seasoned IT professionals struggle to identify its presence. Banshee stealer isn’t just another piece of malware—it’s a critical warning for users to reassess their security assumptions and take proactive measures to safeguard their data,” the company added.
What is Banshee malware?
Banshee macOS stealer was first discovered by Check Point in mid-2024. It was advertised as a “stealer-as-a-service” on underground forums such as XSS and Exploit, and on Telegram, where threat actors could purchase the malware to target macOS users.
At the end of September, a new, undetected version of Banshee was found that had stolen a string encryption algorithm from Apple’s XProtect anti-virus engine and also replicated the plaintext strings used in the original version.
In simpler terms, the new changes allowed Banshee to evade detection by antivirus software for over two months, because those products expected this behaviour from Apple’s security software.
During this time, Banshee was distributed via many phishing websites and malicious GitHub repositories, posing as popular software such as Google Chrome, Telegram and TradingView.
However, things took an interesting turn in November 2024 when Banshee’s source code was leaked on an underground forum. The leak allowed antivirus software makers to prepare for the malware, leading to better detection and awareness of new variants being developed by other actors.