Banshee Stealer, a macOS infostealer, has resurfaced in a stealthier build, according to researchers. The updated variant encrypts its strings with the same string-encryption routine that Apple's XProtect uses, which hides the plaintext indicators that signature-based antivirus scanners match on and leaves macOS users exposed.
First documented in 2024, Banshee Stealer was thought to have gone dormant after its source code leaked. Researchers have since found, however, that a variant first seen in late September 2024 remained in circulation. It is distributed through phishing sites and fake software repositories that impersonate popular applications such as Google Chrome, TradingView, and Telegram.
Originally sold as malware-as-a-service (MaaS) for $3,000 a month, the stealer harvests data from web browsers and cryptocurrency wallets and collects files of specific types. Recent campaigns target macOS and Windows visitors alike: the same campaigns that deliver Banshee to Mac users drop Lumma Stealer on Windows users, so one piece of infrastructure compromises both platforms.
The most significant change in this build is the removal of the check that stopped earlier versions from running on systems whose language is set to Russian, which suggests the operators now want victims worldwide. The new build also borrows the string-encryption algorithm that Apple's XProtect uses for its own rules: the strings a scanner would otherwise match on (file paths, wallet names, command strings) sit encrypted in the binary and are only decrypted at run time, so static signature matching no longer sees them. The caveat for defenders is that this hides the strings, not the behaviour; once the stealer runs, the decrypted strings are in memory and its file and network activity are observable.
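To make the evasion mechanism concrete, the following added example (not code from the Banshee report, from Apple, or from any vendor) builds a length-prefixed string table for a hypothetical stealer twice, once in plaintext and once with every string encrypted, and runs a YARA-style plaintext indicator scan over both. The cipher is a deliberately simple XOR stand-in chosen for the demonstration and is not the algorithm XProtect or Banshee actually uses; the key, the indicator list, and the sample strings are all constructed. It then shows the two things that still work: scanning after decryption (the memory-dump or sandbox view) and a key-independent heuristic on how few printable bytes the string table contains.

```python
"""Why encrypted strings defeat plaintext signatures, and what still works.

Added example, not code from the Banshee report or from Apple. The cipher
is a deliberately simple XOR stand-in for a real string-encryption routine;
it is NOT the algorithm XProtect or Banshee uses. All sample data below is
constructed for the demonstration.
"""
import struct

# Plaintext indicators a naive signature rule might match on (constructed;
# chosen to look like paths and tools a macOS infostealer would reference).
INDICATORS = [
    b"Library/Keychains",
    b"Library/Application Support/Google/Chrome",
    b"Exodus",
    b"osascript",
]

# Constructed string table of a hypothetical stealer binary (all ASCII).
SAMPLE_STRINGS = [
    b"/Users/%s/Library/Keychains/login.keychain-db",
    b"Library/Application Support/Google/Chrome/Default/Login Data",
    b"Library/Application Support/Exodus/exodus.wallet",
    b"osascript -e 'display dialog ...'",
    b"Hello, world",
]

# Constructed key. Every key byte has its high bit set, so every ciphertext
# byte of an ASCII plaintext also has its high bit set: no ASCII indicator
# can ever appear verbatim in the encrypted table.
KEY = bytes.fromhex("9f8ac3e7b1d2f485")


def _xor(data: bytes, key: bytes) -> bytes:
    # Repeating-key XOR with a position tweak kept below 0x80 so the
    # high-bit property described above is preserved.
    return bytes(b ^ key[i % len(key)] ^ (i & 0x7F) for i, b in enumerate(data))


def encrypt_string(s: bytes, key: bytes = KEY) -> bytes:
    if any(b >= 0x80 for b in s):
        raise ValueError("toy cipher expects ASCII plaintext")
    return _xor(s, key)


def decrypt_string(c: bytes, key: bytes = KEY) -> bytes:
    return _xor(c, key)  # XOR is its own inverse


def pack_table(strings, key=None) -> bytes:
    """Lay out a length-prefixed string table, plaintext or encrypted."""
    out = bytearray()
    for s in strings:
        blob = s if key is None else encrypt_string(s, key)
        out += struct.pack("<H", len(blob)) + blob
    return bytes(out)


def unpack_table(table: bytes, key=None) -> list:
    """Parse the table back; with a key, this is what the loader does at run time."""
    out, i = [], 0
    while i + 2 <= len(table):
        (n,) = struct.unpack_from("<H", table, i)
        i += 2
        blob = table[i:i + n]
        i += n
        out.append(blob if key is None else decrypt_string(blob, key))
    return out


def static_scan(binary: bytes, indicators=INDICATORS) -> list:
    """YARA-style check: which indicators occur verbatim in the file bytes?"""
    return [ind for ind in indicators if ind in binary]


def scan_after_decryption(binary: bytes, key: bytes, indicators=INDICATORS) -> list:
    """Decrypt the table as the loader would, then scan: the memory-dump or
    sandbox view, which recovers the indicators the static view lost."""
    return static_scan(b"\x00".join(unpack_table(binary, key)), indicators)


def printable_ratio(binary: bytes) -> float:
    """Key-independent heuristic: a string table with almost no printable
    bytes is itself a signal that the strings are encrypted."""
    return sum(0x20 <= b < 0x7F for b in binary) / len(binary)


def demo() -> dict:
    plain = pack_table(SAMPLE_STRINGS)
    enc = pack_table(SAMPLE_STRINGS, KEY)
    return {
        "static_plain": static_scan(plain),            # all four indicators hit
        "static_encrypted": static_scan(enc),          # nothing hits
        "decrypted_then_scanned": scan_after_decryption(enc, KEY),
        "printable_plain": round(printable_ratio(plain), 2),
        "printable_encrypted": round(printable_ratio(enc), 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The practical lesson is the one defenders drew from this variant: a rule that only matches plaintext strings goes quiet the moment the author encrypts them, while rules that fire on behaviour, on the decryption stub itself, or on strings recovered from memory keep working.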
Experts note that modern malware campaigns do not rely solely on software vulnerabilities; they also exploit human weaknesses through phishing and fake software updates. Discord is likewise being abused to distribute stealers disguised as beta tests of new video games, with the aim of harvesting credentials that can then be used to move further into a victim's network.
How to Stay Safe
To avoid Banshee Stealer and similar threats, download software only from the vendor's official site or app store, and be suspicious of any download page that tells you to bypass a Gatekeeper warning to open the application. Treat unsolicited messages and links with caution, especially those offering updates or downloads. Keep macOS and your security software up to date so that built-in protections such as XProtect receive new signatures as threats evolve.