A new variant of the notorious Banshee stealer has surfaced, targeting macOS systems. Security researchers have identified a malicious campaign that uses string encryption taken from Apple’s XProtect security feature to avoid detection.
Latest Banshee macOS Malware Variant Targets Expanded Mac User Base
Check Point Research experts have uncovered a fresh wave of malware attacks targeting Mac devices. This campaign involves the distribution of a new version of the Banshee malware, which is infamous for its assaults on macOS systems.
The Banshee malware first emerged in 2024 as a “stealer-as-a-service,” offering attack capabilities against Apple Mac systems. Despite its initial impact, the malware’s operations were hampered when its source code was leaked online, leading to its shutdown.
However, the leak of its source code enabled other threat actors to use the malware to create new threats.
The ongoing malware campaign has been running covertly since September 2024. The latest variant of Banshee showcases advanced features designed to evade detection. By leveraging string encryption from Apple’s XProtect security feature, the malware masquerades as a legitimate process, enabling it to steal sensitive data undetected.
The targeted information includes data stored in web browsers, such as passwords, cryptocurrency wallets, IP addresses, system hardware details, and macOS passwords.
In addition to its enhanced evasion techniques, the new Banshee variant retains all the malicious functionalities of its predecessor, solidifying its reputation within the threat actors’ community.
Unlike the previous version, the latest Banshee variant has expanded its reach to include Russian systems in its target list.
The threat actors responsible for this campaign distribute the malware through deceptive GitHub repositories, posing as legitimate software. According to Check Point Research, the attackers also target Windows systems using the same repositories to distribute the Lumma stealer.
Check Point Research has shared comprehensive details of this malware campaign in their article.
To protect against such threats, users are advised to practice safe online habits, such as downloading software from official sources, avoiding interactions with unsolicited emails and messages, and ensuring their systems are up to date with the latest security patches.