Tuesday, January 21, 2025

New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption


Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware known as Banshee Stealer.

"Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to bypass antivirus systems, posing a significant risk to over 100 million macOS users globally."

The cybersecurity company said it detected the new version in late September 2024, with the malware distributed using phishing websites and fake GitHub repositories under the guise of popular software such as Google Chrome, Telegram, and TradingView.

Banshee Stealer was first documented in August 2024 by Elastic Security Labs. Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, it is capable of harvesting data from web browsers, cryptocurrency wallets, and files matching specific extensions.

The malware operation suffered a setback in late November 2024 when its source code leaked online, prompting its operators to shut down. However, Check Point said it has identified several campaigns still distributing the malware via phishing websites, although it is currently not known whether they are run by previous customers.

The new variant is notable for removing a Russian language check that was used to prevent infections of Macs with Russian set as the default system language. Dropping the feature suggests that the threat actors want to cast a wider net of potential targets.


Another important update is the use of a string encryption algorithm from Apple's XProtect antivirus engine to obfuscate the plaintext strings used in the original version of Banshee Stealer.

"Modern malware campaigns are exploiting common human vulnerabilities, not just platform-specific flaws," Eli Smadja, security research group manager at Check Point Research, said in a statement shared with The Hacker News. "macOS, like any other OS, is exposed to these evolving threats, especially as cybercriminals employ advanced techniques like social engineering and fake software updates."

The development comes as unsolicited messages on Discord are being used to propagate various stealer malware families such as Nova Stealer, Ageo Stealer, and Hexon Stealer under the pretext of testing out a new video game.

"One of the main interests for the stealers seems to be Discord credentials, which can be used to expand the network of compromised accounts," Malwarebytes said. "This also helps them because some of the stolen information includes friends' accounts of the victims."
