Banshee Malware Puts 100 Million Apple Users At Risk Of Data Theft

Many people believe MacBooks are impervious to malware. While strong security measures such as XProtect, Gatekeeper, and sandboxing are in place on macOS, they do not offer foolproof protection. Case in point: cybersecurity tech giant Check Point has issued an urgent security warning to millions of Mac users worldwide who are at risk of infection by a newly developed malware called the "Banshee macOS stealer." Cybercriminals designed this malware to steal sensitive information from macOS while remaining undetected.

Check Point revealed that bad actors install this malware on MacBooks through phishing sites posing as authentic portals. Banshee first emerged through Russian cybercrime marketplaces, where it was initially sold for about $3,000 and later for $1,500. It was designed to steal macOS users' login credentials, cryptocurrency wallets, and other sensitive information. For four months, these cybercriminals ran a "stealer-as-a-service" on Telegram and dark web forums like XSS and Exploit and continued to develop the malware. During this period, they hired people to run campaigns against macOS users.

Due to its plaintext packaging, the malware was initially detected by antivirus software. However, in September 2024, Check Point detected a stealthier version of "Banshee." This updated malware uses string encryption to obscure its code, unlike previous versions, which stored all strings in plain text. The encryption shares similarities with that used by Apple's macOS XProtect antivirus engine, so it's likely that Banshee's creator mirrored it to create the updated malware.

After the malware successfully evaded detection for approximately two months, its original code was leaked on XSS forums in November, making it possible for antivirus engines to detect its core functionality. Check Point updated its detection rules to identify both the original leaked code and the subsequent updated versions, leading to the shutdown of the Banshee stealer-as-a-service operation.

So, while no operating system is completely free from attacks, you can prevent your MacBook from being compromised by this sophisticated malware. As is universally the case, Check Point recommends that users avoid clicking links from unknown sources and keep macOS and their macOS antivirus software up to date.