This devious macOS malware evades detection by using Apple’s proprietary encryption
- Security researchers at Check Point Research recently discovered a new variant of the Banshee malware
- The new variant uses string encryption so it can blend in with regular macOS operations
- The campaign continued unabated for two months
Cybersecurity researchers at Check Point Research recently discovered a new version of the Banshee infostealer, capable of bypassing Apple’s built-in malware protection to obtain sensitive data.
Banshee is a macOS-targeted malware that emerged in mid-2024 and was designed to extract sensitive information such as system details, browser data, and cryptocurrency wallet information. It was initially sold as a stealer-as-a-service for $3,000 per month; its source code was leaked in November 2024, leading to wider distribution.
Although the original operation was shut down, Banshee lived on, developed and distributed by various hacking collectives.
Distribution via GitHub
The new version appears to be somewhat more dangerous and was most likely built by a different threat actor. According to the researchers, Banshee now uses the string encryption algorithm from Apple’s XProtect, allowing it to blend in with normal device operations and avoid detection. XProtect is macOS’ built-in antivirus system, which identifies and blocks known malware using regularly updated signature-based detection.
Additionally, it no longer avoids Russian users, which could indicate that it was built by a different team. This latest campaign appears to have started in September 2024 and went unnoticed for about two months.
While it is impossible to know exactly how many devices are infected with Banshee, we do know that it is distributed through GitHub repositories. Threat actors imitate legitimate software and count on developers being careless when downloading content from the open source platform.
Check Point says the same operators are also going after Windows users, but through Lumma Stealer and not Banshee. The researchers also highlighted that macOS continues to gain popularity, making it an increasingly attractive target.
“Despite its reputation as a secure operating system, the emergence of advanced threats such as the Banshee MacOS Stealer highlights the importance of vigilance and proactive cybersecurity measures,” they concluded.
Via BleepingComputer