A variant of the Banshee macOS infostealer has been observed evading detection systems with a new string-encryption scheme copied from Apple's in-house algorithm.
Check Point Research, which caught the variant after it had evaded detection for two months, said threat actors distributed Banshee through phishing websites and fake GitHub repositories, often impersonating popular software such as Google Chrome, Telegram, and TradingView.
Ngoc Bui, a cybersecurity expert at Menlo Security, said the new variant highlights a significant gap in Mac security. “While companies are increasingly adopting Apple ecosystems, the security tools haven’t kept pace,” he said. “Even leading EDR solutions have limitations on Macs, leaving organizations with significant blind spots. We need a multi-layered approach to security, including more trained hunters on Mac environments.”