This cunning macOS malware evades detection by exploiting Apple’s encryption.

Recently, cybersecurity researchers have discovered a new variant of the Banshee malware, specifically designed for macOS. This malware has shown the ability to bypass Apple's internal protection against malware to steal sensitive information. Banshee first appeared in mid-2024, aimed at extracting data such as system details, browser information, and cryptocurrency wallet data. Initially, it was offered as a theft service for $3,000 a month, but its source code was leaked in November 2024, facilitating its spread.

Despite attempts to shut down the Banshee operation, the malware has continued to develop and be distributed by different hacker groups. The recent variant found appears to be more dangerous and was supposedly created by a different threat actor. Researchers claim that Banshee now uses string encryption provided by XProtect, macOS's built-in antivirus system, allowing it to integrate with the device's normal operations and evade detection.

Moreover, this new version no longer avoids Russian users, suggesting another change in its development team. The recent campaign began in September 2024 and remained undetected for about two months. Although it is difficult to determine how many devices have been infected, it is known that the malware is distributed via GitHub repositories, where threat actors impersonate legitimate software, taking advantage of potential negligence from developers downloading content from this open-source platform.

Researchers have also indicated that the same actors are targeting Windows users, but through Lumma Stealer instead of Banshee. This underscores how macOS is gaining popularity, becoming a more attractive target for these threats. In conclusion, despite its reputation as a secure operating system, the rise of sophisticated threats like the Banshee information thief demonstrates the need to maintain vigilance and adopt proactive cybersecurity measures.