
New Banshee Malware Exploit Threatens Over 100 Million macOS Users

A crack in Apple's armor.
Ryan Uliss
Contributing Writer

The rise of macOS as a popular operating system has made it an increasingly attractive target for cybercriminals, and the emergence of the new Banshee macOS Stealer highlights just how real this threat has become.

First discovered in mid-2024, Banshee has quickly evolved into a significant danger, capable of stealing browser credentials, cryptocurrency wallet data, system passwords, and other sensitive information from Mac systems. A new version, first detected in September 2024 by Check Point Research, remained undetected for over two months by cleverly incorporating encryption algorithms from XProtect, Apple’s built-in antimalware tool, effectively disguising itself.

Distributed through phishing websites and fake GitHub repositories, Banshee often impersonates legitimate software like Google Chrome or Telegram to deceive users into downloading malicious files.

Once installed, the malware targets browsers such as Chrome and Brave, extracting credentials, cryptocurrency wallet information, and other critical data. It employs convincing fake system pop-ups to trick users into entering their macOS passwords and exfiltrates stolen information via encrypted channels.

With macOS usage exceeding 100 million users worldwide, Banshee is a reminder of the importance of threat awareness and of having effective cybersecurity protections in place, especially for macOS users, who have historically faced fewer threats than their Windows counterparts. As cyberattacks grow more sophisticated, no platform is completely safe.

Why It Matters: The Banshee Stealer malware underscores the increasing risks posed by sophisticated malware targeting macOS systems, which have traditionally been considered secure. By reusing the string encryption algorithm from Apple’s XProtect to evade detection, and by using phishing campaigns and fake GitHub repositories to distribute malicious files, Banshee reveals weaknesses not only in technical defenses but also in user awareness. Its ability to steal sensitive data, including passwords, wallets, and two-factor authentication credentials, reinforces the growing need for proactive security measures as macOS adoption continues to expand globally.

  • Evasion Through Apple’s XProtect Encryption: The latest Banshee version employs a string encryption algorithm stolen from Apple’s XProtect, effectively masking its malicious activity as legitimate system operations. This sophisticated technique helped it avoid detection for over two months.
  • Phishing and GitHub Repository Distribution: Threat actors spread Banshee via fake GitHub repositories and phishing campaigns. These repositories mimicked legitimate software tools, such as Chrome and Telegram, with fake stars and reviews designed to lure unsuspecting users into downloading the malware.
  • Data Exfiltration Capabilities: Once installed, Banshee targets multiple browsers, including Chrome and Brave, to extract sensitive information. It also exploits browser extensions for cryptocurrency wallets and two-factor authentication, capturing highly valuable credentials.
  • Global Expansion of Targets: A previous version of the malware avoided attacking systems with Russian language settings. The latest variant removes this restriction, signaling an intent to cast a wider net of victims.

Go Deeper -> Cracking the Code: How Banshee Stealer Targets macOS Users – Check Point

New macOS Malware Uses Apple’s Own Code to Quietly Steal Credentials and Personal Data — How to Stay Safe – Yahoo Tech

New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption – The Hacker News
