The Banshee Stealer has emerged as a significant threat to macOS users worldwide, particularly those in Russian-speaking countries, as revealed by researcher Antonis Terefos from Check Point.
Initially brought to light in August 2024, Banshee Stealer was offered by its developer as malware-as-a-service, priced at $3,000 per month. The malware targets both the macOS x86_64 and ARM64 architectures, stealing credentials, cookies, and other sensitive data from popular browsers and browser extensions, including cryptocurrency wallets and two-factor authentication information. It can also access users' macOS passwords stored in the Keychain.
Originally designed to avoid infecting systems whose primary language is Russian, the malware has now been observed by Terefos in a variant without the language check, increasing its potential reach.
The evolution of Banshee Stealer took a significant turn when its source code was leaked online in late November. The leak prompted the individual or group behind the malware to shut down operations. Before the leak, the developer had improved the malware's stealth by implementing string encryption similar to that used by XProtect, macOS's built-in anti-malware engine. This enhancement allowed Banshee Stealer to evade detection for over two months, until antivirus engines improved their detection after the leak.
Following the source code leak, Banshee Stealer continues to pose a threat through multiple campaigns distributing the malware via phishing websites. These campaigns often masquerade as offers for popular software downloads such as Telegram, TradingView, or Parallels. The exact method of luring victims to these phishing websites remains unclear, but users seeking cracked software or tools from unauthorized sources are especially vulnerable to such attacks.
Terefos expressed concern that other malware developers could base new macOS stealers on the leaked Banshee source code. With over 100 million macOS users globally, the potential pool of victims is substantial, making the platform an attractive target for cybercriminals.
In conclusion, the persistence of Banshee Stealer highlights the ongoing challenges faced by macOS users in safeguarding their sensitive information against evolving malware threats. Vigilance and caution are paramount when downloading software or files from unknown sources to prevent falling victim to such malicious activities.
