- Security researchers from Check Point Research have recently found a new variant of the Banshee malware
- The new variant uses encryption that lets it blend in with regular macOS operations
- The campaign went on unabated for two months
Cyber security researchers from Check Point Research recently revealed a new version of the Banshee infostealer that is capable of bypassing Apple’s built-in malware protections to get hold of sensitive data.
Banshee is a macOS-focused malware that appeared in mid-2024, designed to extract sensitive information such as system details, browser data, and cryptocurrency wallet information. Originally sold as a stealer-as-a-service for $3,000 per month, its source code was leaked in November 2024, leading to its wider distribution.
Although the original operation was shut down, Banshee lived on, with various hacking collectives continuing to develop and distribute it.
Distribution through GitHub
The new version appears to be somewhat more dangerous and was most likely built by a different threat actor. According to the researchers, Banshee now uses string encryption from Apple’s XProtect, which allows it to interfere with normal device operations and avoid detection. XProtect is the built-in macOS antivirus system, which identifies and blocks known malware using regularly updated signature-based detection.
It also no longer avoids Russian users, which could signal that it was built by a different team. This latest campaign appears to have started in September 2024 and continued undetected for about two months.
While it is impossible to know exactly how many devices are infected with Banshee, we do know that it is distributed via GitHub repositories. Threat actors impersonate legitimate software, betting on software developers being careless when downloading content from the open source platform.
Check Point says the same operators are also going after Windows users, but through Lumma Stealer, not Banshee. The researchers also emphasized that macOS continues to gain popularity and thus becomes an increasingly attractive target.
“Despite its reputation as a secure operating system, the rise of sophisticated threats like Banshee MacOS Stealer highlights the importance of vigilance and proactive cybersecurity measures,” they concluded.
Via Bleeping Computer