Summary: The macOS infostealer “Banshee” has been evading antivirus detection by utilizing a string encryption algorithm similar to that used by Apple’s Xprotect. Since its emergence in July, it has been sold on Russian cybercrime marketplaces and has been involved in multiple campaigns targeting both macOS and Windows users.
Threat Actor: 0xe1 / kolosain | 0xe1
Victim: macOS users | macOS users
Key Points:
- Banshee is marketed as a “stealer-as-a-service” for $1,500, primarily targeting credentials from various browsers and cryptocurrency wallet extensions.
- A more potent variant of Banshee, encrypted with the same algorithm as Xprotect, evaded detection for months before its source code was leaked.
- Check Point identified over 26 campaigns spreading Banshee, utilizing methods like GitHub repositories and phishing sites to distribute the malware.
- The malware’s success highlights the need for vigilance among macOS users, despite the platform’s reputation for security.
Source: https://www.darkreading.com/threat-intelligence/banshee-malware-steals-apple-encryption-macs