New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption

Jan 09, 2025 · Ravie Lakshmanan

Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer.

"Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to bypass antivirus systems, posing a significant risk to over 100 million macOS users globally."

The cybersecurity firm said it detected the new version in late September 2024, with the malware distributed via phishing websites and fake GitHub repositories posing as popular software such as Google Chrome, Telegram, and TradingView.

Banshee Stealer was first documented in August 2024 by Elastic Security Labs. Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, it is capable of harvesting data from web browsers, cryptocurrency wallets, and files matching specific extensions.

The malware operation suffered a setback in late November 2024 when its source code leaked online, prompting the operators to shut down. However, Check Point said it has identified several campaigns still distributing the malware via phishing websites, although it is currently not known whether they are run by former customers.

The new variant is notable for removing a Russian language check that previously prevented infections on Macs with Russian set as the default system language. Dropping the check suggests the threat actors want to cast a wider net of potential targets.

Another important update is the use of a string encryption algorithm taken from Apple's XProtect antivirus engine to obfuscate the strings that were stored in plaintext in the original version of Banshee Stealer. The practical effect is that static signatures keyed on those plaintext strings no longer match; the algorithm itself is not a flaw in XProtect, only a scheme the malware authors copied.

"Modern malware campaigns are exploiting common human vulnerabilities, not just platform-specific flaws," Eli Smadja, security research group manager at Check Point Research, said in a statement shared with The Hacker News. "macOS, like any other OS, is exposed to these evolving threats, especially as cybercriminals employ advanced techniques like social engineering and fake software updates."

The development comes as unsolicited messages on Discord are being used to propagate various stealer malware families such as Nova Stealer, Ageo Stealer, and Hexon Stealer under the pretext of testing out a new video game.

"One of the main interests for the stealers seems to be Discord credentials, which can be used to expand the network of compromised accounts," Malwarebytes said. "This also helps them because some of the stolen information includes friends' accounts of the victims."
