While Apple’s Macs aren’t targeted by hackers as often as Windows PCs, they’re far from impenetrable. Security researchers at Check Point Research recently pushed out an alert warning 100 million Apple users that a new variant of the infamous Banshee malware has been detected, capable of stealing browser credentials, cryptocurrency wallets, and other personal data.
Check Point first uncovered the Banshee macOS Stealer, a malware-as-a-service targeting macOS users, in mid-2024, and has been monitoring this latest strain since September. The malware managed to remain undetected for over two months by cleverly incorporating the same encryption methods as Mac’s XProtect antivirus detection suite, with the hackers having “stolen a string encryption algorithm from Apple’s own XProtect antivirus engine, which replaced the plain text strings used in the original version,” Check Point explained. Since antivirus programs expect to see this kind of encryption from Apple’s legitimate security tools, they weren’t flagged as suspicious, allowing the Banshee macOS Stealer to quietly siphon data from targeted devices.
This strategy proved devastatingly effective at avoiding detection until the Banshee macOS Stealer source code was leaked on underground forums in November 2024. Though the service was shut down, Check Point warned at the time that new variants would emerge developed by other threat actors, just as we’re seeing now. The organization identified multiple campaigns distributing the malware through phishing websites or fake GitHub repositories, often disguised as popular software like Chrome or Telegram. Malicious repositories were created over three waves, appearing legitimate with stars and reviews to lure users into downloading malware. In some campaigns, hackers targeted Windows users as well with another known malware called Lumma Stealer.
“This stealthy malware doesn’t just infiltrate; it operates undetected, blending seamlessly with normal system processes while stealing browser credentials, cryptocurrency wallets, user passwords, and sensitive file data,” Check Point researchers said.Once a device was compromised, the latest Banshee stealer variant targets browsers like Chrome and Edge along with browser extensions for cryptocurrency wallets. It also exploited a Two-Factor Authentication extension to steal sensitive credentials, the report said, adding that it “utilizes convincing pop-ups designed to look like legitimate system prompts to trick users into entering their macOS passwords.”
“Banshee stealer isn’t just another piece of malware—it’s a critical warning for users to reassess their security assumptions and take proactive measures to safeguard their data,” Check Point said.
How to stay safe from Mac malware
Check Point researchers warn that despite Apple’s robust security features, “the rise of the Banshee stealer serves as a reminder that no operating system is immune to threats.” So what can you do to keep the best Macs protected from malware like Banshee macOS Stealer?
First and foremost, be vigilant about the apps you download and do your due diligence to make sure whoever you’re downloading it from is who they say they are. Your Mac already comes with built-in antivirus software in the form of XProtect, but consider using that in tandem with one of the best Mac antivirus software solutions. Paid antivirus software is updated more regularly and will often throw in a VPN or password manager to help you stay safe online.
