A new strain of malware named Banshee is putting over 100 million macOS users at risk by bypassing Apple’s XProtect. Researchers from Check Point have uncovered that this malware employs sophisticated encryption techniques, identical to Apple’s own methods, making it difficult for antivirus engines to detect.
Banshee’s Threat to macOS Users
Banshee Stealer targets user credentials, browser data, and crypto wallets, using advanced anti-analysis techniques like forking and process creation to avoid detection. As macOS popularity grows, it has become a more attractive target for cybercriminals.
How Banshee Operates
Banshee collects data from browsers like Chrome, Brave, and Opera, as well as crypto wallet extensions. The stolen data is compressed, XOR encrypted, base64 encoded, and sent to a command and control (C&C) server. The server has evolved to use Relay servers for added stealth.
Distribution and Detection
The malware is distributed through phishing repositories offering fake software downloads. Check Point Research identified a campaign where Banshee was disguised as a Telegram download. Initially sold for $2,999, it is now offered as a service for $1,500 per month. The source code leak has led to increased detection and the emergence of new variants.
Adapting to Evolving Threats
The latest version of Banshee highlights the need for robust security measures. Cybersecurity experts recommend proactive threat intelligence, regular updates, and user vigilance to counter these threats.
For more on cybersecurity threats, visit Check Point Research and CS FOR ALL News.
Stay informed with CS FOR ALL News—your trusted source for the latest updates on coding, technology advancements, hackathons, and global tech events. We bring you exclusive insights, industry trends, and opportunities to accelerate your career in the tech world.