This malware variant is challenging Apple’s security

17 Jan 2025

Are Apple devices secure? This new malware intends to burst the myth. Over 100 million Apple users are exposed to the risk of being targeted by malware specially built for Apple, utilizing superior encryption based on Apple’s XProtect to bypass detection.

 

Let us explore what Banshee malware is, the threat it poses to Apple devices, and plausible prevention and security best practices to secure their information on Macs.

What is Banshee malware? Why is Banshee malware dangerous?

Banshee is an infostealer malware tailored specifically for MacOS devices, engineered to steal browser credentials (from browsers like Chrome, Vivaldi, Opera, and Edge), cryptocurrency wallets, and other sensitive data.  

 

It was discovered in 2023 on the XSS forum, a popular dark web forum among Russian-speaking users, especially Advanced Persistent Threat (APT) Groups.  

 

A newly evolved variant has become prevalent on the forum. It utilizes a unique string adopted from Apple’s antivirus, XProtect.

 

Through this encryption mechanism, the malware can remain undetected for over two months! What makes the malware dangerous is that Apple’s detection mechanism considers it legitimate while it collects information.

 

It is sold as stealer-as-a-service for 3000 dollars on the dark web marketplace and Telegram. Threat actors have distributed it through phishing websites and fake GitHub repositories. They are also distributed on social media and YouTube, where it is often disguised as cracked versions of popular software.

 

The recent update has removed the Russian language check that enables the malware to extend its range of targets.   The malware has allowed threat actors to extend their range of targets to Apple Mac OS users, which was previously focused on Windows users.

Security tips to reduce the risk of being targeted

The following are some of the security tips that must be followed by Mac OS users to secure their personal, financial, and other sensitive information secure from the risk of getting compromised by Banshee malware:

 

  • Keep the applications downloaded in check ensuring that they are downloaded from legitimate sources. Threat actors often
  • disguise Banshee malware as a cracked version of popular software.
  • Block websites that allow users to download pirated software
  • Update XProtect if you haven’t already. It comprises fixes against recent security vulnerabilities that allow exposure to the risk of Banshee malware.
  • Consider a paid antivirus application that is frequently updated and has a better detection mechanism.

 

Always follow cybersecurity hygiene practices like:

 

  • Keeping your systems updated
  • Using strong passwords and changing them regularly
  • Keeping your location anonymous and secure by using a VPN
  • Adding a layer to your security through Multi-Factor Authentication

To summarize

The emergence of Banshee infostealer malware is allowing threat actors to target Mac OS users, enabling them to steal sensitive information like browser-based credentials from browsers like Chrome, Vivaldi, Brave, and others.

 

Unlike other malware, it utilizes a unique string encryption that evades detection from Apple’s antivirus XProtect.

 

Cybersecurity experts have advised users to secure their sensitive information assets by keeping a check on downloaded applications, blocking illegitimate websites with pirated software, and following cybersecurity best practices.

Get in Touch With us

Complete Visibility, Continuous Monitoring & Advanced Threat Protection with AI-backed Incident Remediation.

LEARN MORE