As macOS users, we often take pride in the security of our devices, trusting features like Gatekeeper and XProtect to keep threats at bay. But recent revelations by Check Point Research (CPR) remind us that no system is completely immune. A new version of the Banshee macOS Stealer, a stealthy piece of malware, has been quietly targeting macOS users, stealing sensitive information like browser credentials, cryptocurrency wallets, and more.
Banshee Stealer is sophisticated malware first seen in mid-2024. Initially advertised as a “stealer-as-a-service” on underground forums, it was sold for $3,000 to cybercriminals targeting macOS users. In September, a new version emerged, introducing advanced techniques to evade detection by antivirus software.
This malware uses a string encryption method borrowed from Apple’s XProtect antivirus engine, which likely allowed it to remain undetected for over two months. During this time, threat actors distributed Banshee via phishing websites and fake GitHub repositories, often disguised as popular tools like Chrome, Telegram, and TradingView.
Once installed, Banshee operates stealthily, blending into system processes while extracting sensitive data. Here’s how it targets users:
This malware highlights the growing risks for macOS users. To protect yourself: