- Security researchers from Check Point Research recently find new variant of Banshee malware
- The new variant uses encryption that allows it to blend with regular macOS operations
- The campaign went unabated for two months
Cybersecurity researchers from Check Point Research recently uncovered a new version of the Banshee infostealer, capable of bypassing Apple’s built-in malware protection to grab sensitive data.
Banshee is a macOS-focused malware which emerged in mid-2024, designed to extract sensitive information such as system details, browser data, and cryptocurrency wallet information. Initially sold as a stealer-as-a-service for $3,000 per month, its source code was leaked in November 2024, leading to its broader dissemination.
Despite the operation being shut down, Banshee continued to live, being both developed, and distributed, by various hacking collectives.
Distribution through GitHub
Now, the new version seems to be somewhat more dangerous, and is most likely built by a different threat actor. According to the researchers, Banshee now uses string encryption from Apple’s XProtect, allowing it to blend with normal device operations and avoid being detected. XProtect is macOS’s built-in antivirus system that identifies and blocks known malware using regularly updated signature-based detection.
Furthermore, it no longer avoids Russian users, which could signal that it was built by a different team. This latest campaign seems to have started in September 2024, and continued unobserved for roughly two months.
While it is impossible to know exactly how many devices are infected with Banshee, we do know that it’s being distributed via GitHub repositories. Threat actors are impersonating legitimate software, and are betting on software developers being careless when downloading content from the open-source platform.
Check Point says that the same operators are also going after Windows users, but through Lumma Stealer, not Banshee. The researchers also stressed that macOS continues to gain popularity, thus becoming an increasingly attractive target.
“Despite its reputation as a secure operating system, the rise of sophisticated threats like the Banshee MacOS Stealer highlights the importance of vigilance and proactive cyber security measures,” they concluded.
Via BleepingComputer
