- Security researchers at Check Point Research recently found a new variant of the Banshee malware.
- The new variant uses string encryption that lets it blend in with regular macOS operations.
- The campaign ran undetected for two months.
Cybersecurity researchers at Check Point Research recently discovered a new version of the Banshee information stealer, capable of bypassing Apple’s built-in malware protection to capture sensitive data.
Banshee is a macOS-focused malware that emerged in mid-2024 and is designed to extract sensitive information such as system details, browser data, and cryptocurrency wallet information. Initially sold as a stealer-as-a-service for $3,000 a month, its source code was leaked in November 2024, leading to its wider dissemination.
Even though the operation was shut down, Banshee lived on, as various hacker collectives continued to develop and distribute it.
Distribution via GitHub
Now, the new version appears to be somewhat more dangerous and was most likely created by a different threat actor. According to researchers, Banshee now uses the string encryption from Apple’s XProtect, allowing it to blend in with the device’s normal operations and avoid detection. XProtect is macOS’ built-in antivirus system that identifies and blocks known malware using regularly updated signature-based detection.
Additionally, it no longer avoids Russian users, which could indicate that it was created by a different team. This latest campaign appears to have begun in September 2024 and continued unobserved for approximately two months.
While it’s impossible to know exactly how many devices are infected with Banshee, we do know that it is distributed through GitHub repositories. Threat actors disguise the malware as legitimate software and bet that software developers are careless when downloading content from the open source platform.
Check Point says the same operators are also going after Windows users, but through Lumma Stealer, not Banshee. The researchers also highlighted that macOS continues to gain popularity, thus becoming an increasingly attractive target.
“Despite its reputation as a secure operating system, the rise of sophisticated threats like Banshee MacOS Stealer highlights the importance of vigilance and proactive cybersecurity measures,” they concluded.
Via BleepingComputer