Apple users, beware of the Banshee Stealer: Malware targets macOS devices
Banshee Stealer malware has resurfaced. It targets macOS devices and can steal sensitive information including browser credentials, e-wallet information, system passwords, etc.
Apple users should be wary of new malware targeting macOS devices. Security researchers at Check Point Research (CPR) have revealed an updated version of the Banshee Stealer malware, which has been quietly targeting macOS users. This malware is designed to extract sensitive information including browser credentials, cryptocurrency wallets, and system passwords, all while remaining virtually undetected.
The Banshee Stealer first made headlines in mid-2024 when it was advertised on underground forums as a “stealer as a service”, available to cybercriminals for $3,000. The latest version of the malware, discovered in September 2024, uses advanced techniques to evade antivirus systems, including a string encryption method inspired by Apple’s own XProtect antivirus engine. This innovation allowed Banshee to operate undetected for more than two months, posing a significant risk to macOS users.
While it operated undetected, the malware was distributed via phishing websites and fake GitHub repositories, often disguised as legitimate software such as Google Chrome, Telegram, and TradingView. Once installed, Banshee integrates itself into system processes, making detection and removal extremely challenging.
According to Check Point Research, the malware doesn’t just infiltrate systems – it seamlessly blends in, stealing data while evading security measures. “This stealthy malware doesn’t just intrude; it blends seamlessly with normal system processes while stealing browser credentials, cryptocurrency wallets, user passwords, and sensitive file data,” CPR said in a blog post. “Even experienced IT professionals struggle to identify its presence. Banshee Stealer is not just another piece of malware – it’s a reason for users to re-evaluate their security assumptions and take proactive measures to protect their data. There is an important warning to be given.”
The revelation of Banshee’s capabilities is a stark reminder of the growing risks facing macOS users. Its advanced evasion techniques allowed it to bypass even sophisticated antivirus systems, taking advantage of macOS users’ trust in the device’s inherent security. The stolen data was sent to the command-and-control server in encrypted files, leaving minimal traces of the malware’s presence.
Interestingly, an important development occurred in November 2024 when the source code of Banshee was leaked on an underground forum. While this leak exposed the inner workings of the malware to potential new developers, it also gave antivirus software makers an opportunity to study and counter its tactics. As a result, detection rates improved and awareness of the Banshee threat spread in the cybersecurity community.
Experts recommend taking several precautionary measures to protect against threats like the Banshee Stealer. Users should avoid downloading software from unverified sources and be alert to system prompts requesting passwords. It is also important to regularly update macOS and antivirus tools to stay safe.
Banshee Stealer serves as a warning to the macOS community, proving that no system is completely immune to cyber threats. As cybersecurity evolves, so do the tactics of cybercriminals, making vigilance and proactive measures necessary for digital security.