The Banshee stealer has resurfaced as a new variant targeting macOS. Researchers found it in active campaigns, evading detection with a string-encryption technique borrowed from Apple's XProtect antivirus engine rather than by exploiting any flaw in it.
New Banshee macOS Malware Variant Targets More Macs
Researchers from Check Point Research have discovered a new malware campaign targeting Mac devices. The campaign involves distributing a new variant of the notorious Banshee malware, known for attacking macOS systems.
Banshee appeared in 2024 as a "stealer-as-a-service" sold to attackers targeting Apple Mac systems. The operation shut down after its source code leaked online later that year.
That leak, however, put the code in the hands of other threat actors, who can spin off their own variants and build new threats on top of it.
The new campaign has been running covertly since September 2024. The latest variant's main evasion trick is string encryption: it encrypts its own strings with the same string-encryption algorithm that Apple's XProtect antivirus engine uses, so the telltale strings that static scanners look for never appear in the binary in clear text.
Because the strings are decrypted only at runtime, signature-based scanners that key on those strings miss it, and it keeps stealing data undetected. Its targets include data stored in web browsers (passwords, cryptocurrency wallets and wallet browser extensions), the victim's IP address, system hardware details, and macOS passwords.
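The following is an added example, not code from Check Point's report or from the Banshee stealer itself. It models why string encryption defeats a substring-based rule and what an analyst does about it: a constructed "binary" with cleartext strings is matched by a constructed signature, the same strings stored encrypted are not, a Shannon-entropy check still flags the encrypted table, and a decryptor recovers the strings once the routine and key have been pulled from the sample. The XOR stream and the key (`KEY`), the sample strings, and the length-prefixed table layout are all assumptions for illustration and are not the algorithm XProtect or Banshee uses.

```python
import math

# Constructed sample strings of the kind a stealer would otherwise carry in
# clear text (illustrative paths and browser storage names, not Banshee's).
SAMPLE_STRINGS = [
    "/Library/Keychains/login.keychain-db",
    "Local Extension Settings",
    "Login Data",
]

# Constructed static signature: substrings a naive scanner looks for.
SIGNATURE = [b"login.keychain-db", b"Login Data"]

# Assumed key for the illustrative scheme (not a real Banshee/XProtect key).
KEY = bytes.fromhex("5aa31c7e")


def keystream_byte(key: bytes, i: int) -> int:
    """Illustrative key schedule: cycle the key and mix in the byte index so
    repeated plaintext bytes do not map to repeated ciphertext bytes."""
    return key[i % len(key)] ^ (i & 0xFF)


def xor_string(data: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so this both encrypts and decrypts."""
    return bytes(b ^ keystream_byte(key, i) for i, b in enumerate(data))


def build_plain_binary(strings) -> bytes:
    """Model of a binary whose strings sit in the clear, NUL-separated."""
    return b"\x00".join(s.encode() for s in strings) + b"\x00"


def build_encrypted_binary(strings, key: bytes) -> bytes:
    """Model of a binary with an encrypted string table: each entry is a
    2-byte big-endian length followed by the ciphertext of one string."""
    out = bytearray()
    for s in strings:
        ct = xor_string(s.encode(), key)
        out += len(ct).to_bytes(2, "big") + ct
    return bytes(out)


def signature_hits(blob: bytes, signature) -> list:
    """What a substring-based rule reports for this blob."""
    return [pat for pat in signature if pat in blob]


def decrypt_string_table(blob: bytes, key: bytes) -> list:
    """Analyst-side decryptor: once the routine and key are recovered from
    the sample, the table can be walked and decrypted statically."""
    strings, pos = [], 0
    while pos + 2 <= len(blob):
        n = int.from_bytes(blob[pos:pos + 2], "big")
        pos += 2
        strings.append(xor_string(blob[pos:pos + n], key).decode())
        pos += n
    return strings


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte. Encrypted tables score noticeably higher than
    cleartext ASCII, a heuristic hook when substring rules fail."""
    counts = {}
    for b in blob:
        counts[b] = counts.get(b, 0) + 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    plain = build_plain_binary(SAMPLE_STRINGS)
    enc = build_encrypted_binary(SAMPLE_STRINGS, KEY)
    print("cleartext hits :", signature_hits(plain, SIGNATURE))
    print("encrypted hits :", signature_hits(enc, SIGNATURE))
    print("entropy        : %.2f (plain) vs %.2f (encrypted)"
          % (shannon_entropy(plain), shannon_entropy(enc)))
    print("recovered      :", decrypt_string_table(enc, KEY))
```

The practical takeaway for detection engineering is in the last two functions: when a family moves its indicators behind runtime string decryption, rules built on cleartext strings go quiet, and coverage has to shift to the decryption routine itself, to high-entropy data sections, or to runtime behaviour (the strings are in memory once decrypted).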
Beyond the new evasion, it retains the full feature set of the original Banshee stealer, which helps it keep its credibility among threat actors.
Unlike its predecessor, which avoided infecting Russian-language systems, the new variant drops that check and so reaches a wider user base.
The threat actors behind this campaign distribute the malware through deceptive GitHub repositories posing as legitimate software. According to Check Point Research, the same repositories also target Windows users, delivering the Lumma stealer.
The researchers have shared the details of the malware campaign in their post.
As always, users can avoid this and similar threats by following safe online practices: download software only from official sources, do not interact with unsolicited emails and messages, and keep systems updated with the latest security fixes.