A Fresh Threat: Banshee macOS Stealer Puts 100 Million Apple Users at Risk
While Apple’s Macs are often considered safer than Windows PCs, they are by no means invulnerable. Security researchers from Check Point Research have issued a stark warning to 100 million Apple users about a new variant of the infamous Banshee malware, capable of stealing browser credentials, cryptocurrency wallets, and other sensitive data.
First documented in mid-2024, the Banshee macOS Stealer is a malware-as-a-service tool built to target macOS users. The strain detected in September raised alarm for the way it evaded detection: rather than writing fresh obfuscation, its authors reused a string-encryption routine lifted from Apple's own XProtect antivirus engine. According to Check Point, the malware "stole a string encryption algorithm from Apple's own XProtect antivirus engine, replacing the plain text strings used in the original version." Detection signatures for the earlier Banshee keyed on exactly those plaintext strings, so once they were encrypted the sample slipped past signature-based scanning, XProtect included. What was borrowed is an obfuscation routine, not any foothold inside macOS security components; the malware simply no longer looked like the Banshee the signatures knew.
That single change let the malware operate undetected for more than two months, quietly siphoning data from infected Macs. The trick came to light only after the source code for Banshee macOS Stealer was leaked on underground forums in November 2024. Although the original service was shut down, Check Point warned that new variants would inevitably emerge, and they have.
How Banshee Targets Users
The latest version of Banshee is being distributed through phishing websites and fake GitHub repositories, typically posing as installers for popular software such as Chrome or Telegram. The malicious repositories were deployed in three separate waves, and the operators went to some lengths to make them look legitimate, including padding them with fake stars and reviews to reassure visitors.
The same campaigns did not stop at macOS: Windows visitors were served Lumma Stealer, a separate Windows information stealer, instead.
“This stealthy malware doesn’t just infiltrate,” Check Point researchers explained, “it operates undetected, blending seamlessly with normal system processes while stealing browser credentials, cryptocurrency wallets, user passwords, and sensitive file data.”
The malware concentrates on web browsers such as Chrome and Edge, harvesting saved credentials and the data held by browser extensions for cryptocurrency wallets. It also targets two-factor authentication extensions, scooping up whatever secrets they store. To get the user's account password, it throws up a fake system dialog styled after a legitimate macOS prompt; the dialog is drawn by the malware itself, not by macOS, and anyone who types into it hands over their password.
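A detection check for the fake-prompt technique, added here as an example; it is not code from Check Point or from the Banshee sample. The article does not say how the dialog is drawn, so the script assumes the common approach of running AppleScript's `display dialog ... with hidden answer` through osascript, which yields a masked password field without any Apple authorization UI behind it. The process listing it scans is constructed sample data.

```shell
#!/bin/sh
# Added example, not code from Check Point or from the Banshee sample.
# Assumption not stated in the article: the fake prompt is drawn with
# AppleScript's `display dialog ... with hidden answer` run through
# osascript, which gives a password-style text field with no Apple
# authorization UI behind it.

# Return 0 when a single process command line looks like a forged
# credential dialog: osascript, a dialog, a hidden (masked) answer
# field, and wording that asks for a password.
is_fake_prompt() {
    cmd="$1"
    case "$cmd" in
        *osascript*) ;;
        *) return 1 ;;
    esac
    printf '%s' "$cmd" | grep -qi 'display dialog' || return 1
    printf '%s' "$cmd" | grep -qi 'hidden answer'  || return 1
    printf '%s' "$cmd" | grep -qiE 'password|passcode|credential|keychain'
}

# Read command lines on stdin (one per line, e.g. from `ps -axo command=`)
# and print only the ones that trip is_fake_prompt.
scan_process_list() {
    while IFS= read -r line; do
        if is_fake_prompt "$line"; then
            printf 'SUSPICIOUS: %s\n' "$line"
        fi
    done
}

# Constructed sample listing: one forged prompt among benign osascript
# uses and the genuine system authorization agent.
sample_process_list() {
    cat <<'EOF'
osascript -e 'display dialog "To launch the application, you need to update the system settings. Please enter your password." default answer "" with hidden answer with icon caution'
/usr/bin/osascript -e 'display notification "Build finished" with title "CI"'
/usr/bin/osascript -e 'display dialog "Delete 3 files?" buttons {"Cancel", "OK"}'
/System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent
EOF
}

# Live use on a Mac:  ps -axo command= | scan_process_list
```

A `ps` snapshot only catches the dialog while it is on screen; on a managed fleet the same three-part test (osascript, `display dialog`, `hidden answer` plus password wording) belongs in the process-creation events your endpoint agent already collects. The one sample line that is not flagged despite being an osascript dialog shows why the hidden-answer condition matters: ordinary automation scripts pop dialogs all the time, but almost never ask for a masked secret.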
A Call to Action: Staying Safe
Check Point researchers have called Banshee Stealer a “critical warning” for users to reassess their security measures. Despite Apple’s strong built-in security features, the rise of this malware underscores that no operating system is entirely immune.
Here are steps you can take to protect yourself:
- Be Cautious About Downloads: Get software from the vendor's own site, not from a repository or download portal whose only credentials are star counts and comments, both of which this campaign faked. Before opening a downloaded Mac app, confirm it is signed by the developer you expect and notarized by Apple; an unsigned or oddly signed "Chrome" or "Telegram" is not Chrome or Telegram, whatever its icon looks like.
- Add Endpoint Protection Beyond XProtect: XProtect is a signature scanner, and this variant's string encryption exists precisely to make those signatures miss. A third-party endpoint product that watches behaviour, such as an unexpected password dialog followed by bulk reads of browser profiles and wallet-extension data, covers what a signature cannot.
- Stay Updated: Keep macOS and your applications current. Apple ships XProtect signature updates separately from OS releases, so leave automatic security updates turned on ("Install Security Responses and system files" in the Software Update settings).
- Educate Yourself on Phishing Techniques: Learn the common lures, and do not follow links or open attachments from sources you cannot verify; the fake repositories in this campaign were reached through exactly that kind of link.
- Choose 2FA the Malware Cannot Read: Use 2FA wherever possible, but remember that Banshee copies the data held by browser-based 2FA extensions. An authenticator app or a hardware security key keeps the second factor out of the browser profile the stealer harvests. Treat any unexpected password dialog, especially one that appears right after you launch a freshly downloaded app, as a likely fake.
Banshee Stealer is a reminder that even the most robust systems require vigilance. Taking proactive measures now can save you from becoming the next victim of cybercriminals exploiting evolving malware tactics.