
Beware — there’s an advanced malware targeting macOS users and stealing sensitive data
Summary
- The new Banshee macOS Stealer variant uses a stolen encryption algorithm to evade detection, making it difficult for antivirus software to catch.
- This malware targets macOS users through phishing sites and GitHub repositories, masquerading as popular software.
- It is extremely important to take precautions in advance to avoid falling victim to such attacks.
Although it was long believed that Windows devices are more susceptible to malware and viruses, this does not mean that Apple devices are unfamiliar with such threats. In fact, as the macOS user base grows rapidly, the operating system is becoming an increasingly popular target for malware attacks.
According to security researchers from Check Point Research (CPR), a new version of Banshee macOS Stealer has arrived, capable of extracting sensitive information such as system passwords, browser credentials, and cryptocurrency wallets.
The new Banshee macOS Stealer fits seamlessly into the system
Banshee macOS Stealer first came to public attention in mid-2024 and was promoted as a “stealer as a service” on platforms such as Telegram. Check Point researchers reported that cybercriminals may have purchased malware for $3,000 to target macOS users.
The latest version of the malware was discovered in September 2024, but there was an unexpected twist. The developers stole the string encryption algorithm from Apple’s XProtect antivirus, which likely helped it remain undetected by antivirus systems for more than two months. Although the service was eventually shut down after the malware’s source code leaked to the dark web, the damage had already been done while it went undetected.
The malware, often masquerading as well-known programs such as Google Chrome, Telegram and TradingView, was distributed through phishing sites and malicious GitHub repositories. Once on the Mac, it fit seamlessly into the system, making detection incredibly difficult even for experienced IT professionals.
The malware uses pop-ups that mimic system prompts to trick macOS users into entering their system passwords. It targets browsers such as Chrome and Brave, as well as browser extensions for cryptocurrency wallets. In addition to using two-factor authentication (2FA) to steal sensitive credentials, Banshee Stealer also collects data such as external IP addresses.
Always be vigilant
When the malware’s source code was leaked onto underground forums, antivirus software makers undoubtedly had the perfect opportunity to study its tactics and take notes on how to better detect and counter similar threats in the future. However, the leak also revealed the inner workings of the malware, raising alarm bells that other cybercriminals may be developing new variants.
To stay protected from such attacks in the future, it’s critical to take precautions now, no matter how secure you think your Mac is. In addition to the various security features that all Apple users should use, always check before downloading software from unverified sources. Apple also regularly releases software updates with security patches to address known threats, so it’s always a good idea to keep your Mac updated to the latest version of macOS!
2025-01-13 18:53:59