macOS Users Beware, New Version Of Banshee Stealer Malware Out To Get Your Data

Last Updated: January 14, 2025

Apple product users often pride themselves on the robust security of their devices. macOS users, in particular, rely on features like Gatekeeper and XProtect to mitigate threats. However, a recent disclosure by Check Point Research (CPR) shows that no system is entirely impenetrable.

A new iteration of the stealthy malware, Banshee macOS Stealer, is silently targeting macOS users, pilfering sensitive information such as browser credentials, cryptocurrency wallets, and more. Banshee Stealer is a sophisticated malware first identified in mid-2024. Initially offered as Stealer-as-a-Service on underground forums, it targeted macOS users and was sold to cybercriminals for $3,000.

In September, a new variant emerged that was built to evade antivirus software. It uses a string encryption method borrowed from Apple’s XProtect antivirus engine, which potentially enabled it to remain undetected for over two months.

How does it work?

Once it infiltrates the system, it stealthily insinuates itself into system processes, extracting sensitive data. Like a thief in the night, it operates silently within the system, pilfering everything from browser credentials and cryptocurrency wallet details to even macOS passwords. It repeatedly shows the user fake system prompts to trick them into giving up their password. Built on advanced technology, it bypasses standard antivirus systems. The malware then sends the stolen data to the command-and-control server in an encrypted file.

What to do to avoid it?

This malware has become a threat to macOS users. So, to avoid it, one should keep in mind the following: