
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption


Jan 09, 2025 | Ravie Lakshmanan


Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware referred to as Banshee Stealer.

“Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple’s XProtect,” Check Point Research said in a new analysis shared with The Hacker News. “This development allows it to bypass antivirus systems, posing a significant risk to over 100 million macOS users globally.”

The cybersecurity company said it detected the new version in late September 2024, with the malware distributed using phishing websites and fake GitHub repositories under the guise of popular software such as Google Chrome, Telegram, and TradingView.


Banshee Stealer was first documented in August 2024 by Elastic Security Labs. Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, it is capable of harvesting data from web browsers, cryptocurrency wallets, and files matching specific extensions.

The malware operation suffered a setback in late November 2024 when its source code leaked online, prompting the operators to shut down. However, Check Point said it has identified several campaigns still distributing the malware through phishing websites, although it is currently not known whether they are carried out by previous customers.

The new variant is notable for removing a Russian language check that was used to prevent infections of Macs with Russian set as the default system language. Dropping the feature suggests that the threat actors want to cast a wider net of potential targets.

Another important update is the use of a string encryption algorithm from Apple’s XProtect antivirus engine to obfuscate the plaintext strings used in the original version of Banshee Stealer.

“Modern malware campaigns are exploiting common human vulnerabilities, not just platform-specific flaws,” Eli Smadja, security research group manager at Check Point Research, said in a statement shared with The Hacker News. “macOS, like any other OS, is exposed to these evolving threats, especially as cybercriminals employ advanced techniques like social engineering and fake software updates.”


The development comes as unsolicited messages on Discord are being used to propagate various stealer malware families such as Nova Stealer, Ageo Stealer, and Hexon Stealer under the pretext of testing out a new video game.

“One of the main interests for the stealers seems to be Discord credentials that can be used to expand the network of compromised accounts,” Malwarebytes said. “This also helps them because some of the stolen information includes friends’ accounts of the victims.”
