On January 9, 2025, Check Point Research (CSR) announced that it discovered a more sophisticated version of the Banshee Stealer malware.
It warned that businesses must be careful as hackers could use it to “compromise sensitive information and damage reputations.”
READ: AI hacking method steals passwords by listening to keyboards
It evades conventional detection methods, allowing it to inflict long-term damage before IT professionals can pinpoint the virus.
The Banshee Stealer’s increasing threat
The cybersecurity research group says the public discovered the Banshee MacOS Stealer in mid-2024.
Underground forums advertised it as a “stealer-as-a-service,” which could target Apple computer users for $3,000.
In late September, Check Point Research identified a new version that “stole’ a string encryption algorithm from Apple’s official XProtect antivirus engine.
This code replaces the plain text strings in the original version, allowing the Banshee Stealer to evade antivirus engines.
Moreover, cybercriminals distributed this malware via phishing websites and malicious GitHub repositories disguised as popular software tools.
These included Google Chrome, Telegram, and TradingView, and the malware performed the following once it completes installation:
- Steals system data from internet browsers like Chrome and cryptocurrency wallet extensions
- Exploits a two-factor authentication (2FA) extension to capture sensitive credentials
- Collects external IP addresses, macOS passwords, and software and hardware details
- Tricks users into sharing their macOS passwords
- Sends stolen information to outside servers via encrypted and encoded files
In November 2024, its source code leaked on XSS underground forums. As a result, antivirus programs improved their Banshee Stealer detection.
However, multiple campaigns continue to distribute the malware through phishing websites.
In response, businesses and users must bolster their cybersecurity with the latest tools and other proactive methods.
Learn the Internet safety tips that can reduce your cybersecurity risks here.