SUMMARY
- Banshee Stealer targets macOS users, distributed via fake GitHub repositories and phishing sites.
- The malware steals browser credentials, cryptocurrency wallets, 2FA codes, and system details.
- It evades detection with a string encryption algorithm borrowed from Apple’s XProtect, and tricks users with pop-ups that mimic system prompts.
- Threat actors expanded targets by removing regional restrictions in the malware.
- Source code leaked in November 2024, but risks remain with evolving cyber threats.
Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed via phishing websites and fake GitHub repositories. According to their investigation, shared exclusively with Hackread.com, the infostealer is disguised as popular software such as Google Chrome, Telegram, and TradingView.
For your information, Banshee Stealer targets macOS users and steals browser credentials, cryptocurrency wallets, and other sensitive data. It was first documented by Elastic Security Labs in August 2024 and was advertised as a “stealer-as-a-service” on underground forums such as XSS and Exploit, and on Telegram.
This newly discovered version includes a string encryption algorithm “stolen” from Apple’s own XProtect antivirus engine, which allowed it to evade detection for over two months. It also drops the Russian-language check that earlier versions used to avoid infecting machines in specific regions, indicating an expansion of its potential targets.
Check Point has identified multiple campaigns distributing the malware through phishing websites, although it is unclear whether they are run by previous customers of the service. Threat actors also used GitHub repositories for distribution, targeting macOS users with Banshee and Windows users with Lumma Stealer. The malicious repositories were created in three waves and were made to look legitimate with stars and reviews to lure users into downloading the malware.
Banshee Stealer can harvest data from web browsers, cryptocurrency wallets, and files with specific extensions, including stealing login credentials from web browsers like Chrome, Brave, Edge, and Vivaldi. It also targets browser extensions, specifically those for cryptocurrency wallets, potentially compromising your digital assets.
Additionally, it can capture your Two-Factor Authentication (2FA) credentials, bypassing an extra layer of security for your accounts. It also exfiltrates software and hardware details from your device, along with your external IP address and macOS passwords, giving attackers a complete picture of your system.
Also, Banshee Stealer utilizes deceptive pop-ups that mimic legitimate system prompts. These pop-ups can trick you into unknowingly revealing your macOS password, granting the malware administrative access to your system. The malware employs anti-analysis techniques to avoid detection by security tools.
This makes it difficult to identify its presence on your device using traditional methods. Once stolen, your data is sent to the attacker’s command-and-control servers through encrypted and encoded channels, making it challenging to track or intercept. Its source code leaked online in November 2024, leading to the service’s shutdown. Still, it highlights how cyber threats are evolving continually.
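The two behaviours described above, the fake system prompt that asks for the macOS password and a non-browser process reading browser credential stores or wallet-extension storage, are the kind of thing endpoint telemetry can catch. The following Python is an added example written for this article, not code from Check Point or from the Banshee authors. It assumes the fake prompt is raised with osascript’s `display dialog … with hidden answer` (the usual way macOS stealers do it; the article does not name the mechanism), a hypothetical event format with `exec` and `file_open` records, and constructed sample events. The browser profile paths are the browsers’ standard locations on macOS; the extension ID in the sample path is MetaMask’s public ID, used only to make the path realistic.

```python
"""Flag macOS process and file-access events that match two Banshee-style
behaviours: a fake password prompt raised with osascript, and a non-browser
process reading browser credential stores or extension (wallet) storage.
The event format is hypothetical; SAMPLE_EVENTS below are constructed."""
import re
import shlex

# Standard on-disk locations of the browsers the article names (relative to
# the user's home), mapped to the process name expected to open them.
LOGIN_STORES = {
    "Google Chrome": "Library/Application Support/Google/Chrome/",
    "Brave Browser": "Library/Application Support/BraveSoftware/Brave-Browser/",
    "Microsoft Edge": "Library/Application Support/Microsoft Edge/",
    "Vivaldi": "Library/Application Support/Vivaldi/",
}
# Profile contents worth protecting: saved logins, cookies, and per-extension
# storage (where wallet extensions keep their vaults).
SENSITIVE_MARKERS = ("Login Data", "Cookies", "Local Extension Settings")

# AppleScript that pops a dialog and asks for a hidden (password-style) answer.
FAKE_PROMPT_RE = re.compile(r"display\s+dialog.*?with\s+hidden\s+answer", re.I | re.S)


def osascript_source(cmd: str) -> str:
    """Return the inline AppleScript (-e arguments) from an osascript command
    line, or "" if the command is not osascript or carries no inline script."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes: fall back to the raw text
        return cmd if "osascript" in cmd else ""
    if not argv or argv[0].rsplit("/", 1)[-1] != "osascript":
        return ""
    return "\n".join(argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-e")


def check_exec(ev: dict):
    """Flag an osascript invocation that raises a password-style prompt."""
    src = osascript_source(ev["cmd"])
    if FAKE_PROMPT_RE.search(src):
        return {"rule": "fake_password_prompt", "pid": ev["pid"], "detail": src[:100]}
    return None


def check_file_open(ev: dict):
    """Flag reads of a browser's sensitive profile data by any other process."""
    path = ev["path"]
    for owner, prefix in LOGIN_STORES.items():
        if prefix in path and any(m in path for m in SENSITIVE_MARKERS):
            if ev["proc"] != owner:  # the browser reading its own data is normal
                return {"rule": "credential_store_access", "pid": ev["pid"],
                        "detail": f'{ev["proc"]} read {owner} data: {path}'}
    return None


def scan(events):
    """Run both checks over a list of event dicts; return findings in order."""
    findings = []
    for ev in events:
        hit = None
        if ev["type"] == "exec":
            hit = check_exec(ev)
        elif ev["type"] == "file_open":
            hit = check_file_open(ev)
        if hit:
            findings.append(hit)
    return findings


SAMPLE_EVENTS = [  # constructed for this example
    {"type": "exec", "pid": 4101, "proc": "osascript",
     "cmd": "osascript -e 'display dialog \"macOS needs your password to finish updating.\" "
            "default answer \"\" with hidden answer with title \"System Preferences\"'"},
    {"type": "exec", "pid": 4102, "proc": "osascript",  # benign: no hidden answer
     "cmd": "osascript -e 'display notification \"Backup complete\" with title \"Time Machine\"'"},
    {"type": "file_open", "pid": 4103, "proc": "Google Chrome",  # benign: owner process
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"},
    {"type": "file_open", "pid": 4104, "proc": "Chrome",  # lookalike name, not the browser
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"},
    {"type": "file_open", "pid": 4104, "proc": "Chrome",  # wallet extension storage (MetaMask ID)
     "path": "/Users/alice/Library/Application Support/BraveSoftware/Brave-Browser/Default/"
             "Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/000003.log"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["rule"], f["pid"], f["detail"])
```

Two caveats for anyone turning this into a production rule: backup agents and password managers legitimately read browser profile data, so the second check needs an allow-list rather than a single owner process, and osascript can take its script from a file or stdin instead of `-e`, so the first check should also cover `osascript /path/to/script` and shell pipelines feeding it.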
“Businesses must recognize the broader risks posed by modern malware, including costly data breaches that compromise sensitive information and damage reputations, targeted attacks on cryptocurrency wallets that threaten digital assets, and operational disruptions caused by stealthy malware that evades detection and inflicts long-term harm before being identified,” CPR researchers noted in the blog post.
Ms. Ngoc Bui, Cybersecurity Expert at Menlo Security, a Mountain View, Calif.-based provider of browser security, commented on the latest development, stating, “This new Banshee Stealer variant exposes a critical gap in Mac security. While companies are increasingly adopting Apple ecosystems, the security tools haven’t kept pace. Even leading EDR solutions have limitations on Macs, leaving organizations with significant blind spots. We need a multi-layered approach to security, including more trained hunters on Mac environments.”