Banshee Stealer Overview: Check Point Research monitors Banshee, a macOS malware linked to Russian cyber criminals. The updated version, detected in late September 2024, utilized an encryption algorithm similar to Apple's XProtect to improve its evasion. Sold as a 'stealer-as-a-service' at $3,000, Banshee continued operating until its source code leaked in November, leading to its shutdown. Despite this, modified versions persist via phishing websites. The malware targets browser credentials and various cryptocurrency wallets while employing techniques like process forking to avoid detection. The report emphasizes the vulnerability of macOS to such attacks and the need for increased cybersecurity vigilance among users.
Banshee: The Stealer That “Stole Code” From MacOS XProtect
