100 Million macOS Users at Risk – Banshee Malware Bypasses Apple’s XProtect

Cybersecurity researchers have identified a new threat targeting macOS users worldwide. The Banshee macOS Stealer employs advanced techniques to evade detection, putting more than 100 million macOS users at risk. Its ability to slip past XProtect, Apple's built-in signature-based anti-malware engine, underscores the growing risks for macOS systems.

Key Highlights of the Banshee Malware Attack:

Sophisticated String Encryption

Banshee encrypts its strings with the same algorithm that Apple's XProtect uses to encrypt its own YARA rules. With the revealing strings hidden inside the binary, signature-based antivirus products have far less to match on, which hinders detection by traditional solutions.

Stealer Malware Capabilities

Banshee targets sensitive user data, including:

  • Browser data and credentials (Chrome, Brave, Edge, etc.).
  • Crypto wallet extensions.

Stolen data is compressed, XOR-encrypted with the campaign ID as the key, base64-encoded, and sent to the attacker's command-and-control (C&C) server.
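Worked example, added here and not code from the Check Point report or from Banshee itself: a model of the exfiltration encoding the paragraph describes, together with the decoder an analyst would write for captured C&C traffic. It assumes that "compressed" means a ZIP archive and that "XOR with the campaign ID" is repeating-key XOR with the campaign ID's bytes; the campaign ID "camp-7f3a" and the file contents are constructed sample data. The point for defenders is that repeating-key XOR is obfuscation, not encryption: the plaintext always begins with the ZIP signature, so the first bytes of the key fall out of any captured POST body without knowing the campaign ID.

```python
import base64
import io
import zipfile
import zlib

# Constructed sample data for the demonstration; not real stolen files.
CAMPAIGN_ID = "camp-7f3a"
SAMPLE_FILES = {
    "Chrome/Login Data": b"user@example.com:hunter2\n",
    "wallets/metamask.json": b'{"vault": "constructed-sample"}',
}

# Every ZIP archive starts with the local-file-header signature.
ZIP_MAGIC = b"PK\x03\x04"


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Assumed reading of 'XOR encrypted with a campaign ID'."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pack_exfil(files: dict, campaign_id: str) -> str:
    """Stealer side: zip -> XOR with campaign ID -> base64 (the order the text gives)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    encrypted = xor_with_key(buf.getvalue(), campaign_id.encode())
    return base64.b64encode(encrypted).decode("ascii")


def unpack_exfil(blob: str, campaign_id: str) -> dict:
    """Analyst side: reverse the three steps and return the archive contents."""
    raw = xor_with_key(base64.b64decode(blob), campaign_id.encode())
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def try_decode(blob: str, campaign_id: str):
    """Return the decoded files, or None if the key does not yield a valid archive."""
    try:
        return unpack_exfil(blob, campaign_id)
    except (zipfile.BadZipFile, zlib.error):
        return None


def recover_key_prefix(blob: str, crib: bytes = ZIP_MAGIC) -> bytes:
    """Known-plaintext attack on the XOR layer.

    The decrypted data must begin with the ZIP signature, so XORing the first
    ciphertext bytes with that crib yields the first len(crib) bytes of the key
    without knowing the campaign ID. Other predictable local-header fields
    (version needed, flags, compression method) extend the crib when the key
    is longer than four bytes.
    """
    ciphertext = base64.b64decode(blob)
    return bytes(c ^ p for c, p in zip(ciphertext, crib))


if __name__ == "__main__":
    blob = pack_exfil(SAMPLE_FILES, CAMPAIGN_ID)
    print("captured body:", blob[:40] + "...")
    print("key prefix from ZIP magic:", recover_key_prefix(blob))
    for name, content in unpack_exfil(blob, CAMPAIGN_ID).items():
        print(name, "->", content)
```

In practice the "captured body" is the POST payload pulled from a proxy log or packet capture; once the key prefix is known, the remaining key bytes are usually recoverable from the rest of the ZIP local header, after which every upload from that campaign can be decoded offline.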

Stealthy C&C Server Operations

The attackers have iterated their C&C infrastructure, moving from Django-based servers with a separate admin panel to a single FastAPI endpoint. The admin panel now sits behind relay servers, which hides the real backend and increases stealth.

Phishing Campaigns and Distribution

Fake Repositories and Software

Banshee spreads through malicious repositories posing as cracked software and through fake websites offering trojanized downloads. In one case, the malware was disguised as a legitimate Telegram installer.

Marketplace Activity

The malware was initially sold on Telegram. Over time it was offered as a service on underground forums such as XSS and Exploit.

After the source code leaked, antivirus detection improved, but the leak also allowed other actors to create forks, increasing the potential for further attacks.

Implications for macOS Users

The updated Banshee malware shows that malicious actors, long focused on Windows, are increasingly targeting macOS as well. By distributing malicious files through platforms such as GitHub, attackers are finding new ways to reach unsuspecting users.

How to Stay Safe

To protect against the Banshee malware, follow these steps:

  1. Avoid Cracked Software: Do not download software from unverified or unauthorized sources; cracked applications are the primary lure for this malware.
  2. Enable Antivirus Protection: Use security tools that combine signature and behavioral detection with current threat intelligence; XProtect alone did not catch this sample.
  3. Update macOS and Applications: Regular updates close known vulnerabilities and deliver Apple's latest XProtect signatures.
  4. Exercise Caution with Downloads: Verify the authenticity of downloaded files, especially installers, by checking the vendor's published checksum and the application's code signature.
  5. Cybersecurity Awareness: Educate yourself and your team on phishing tactics and malware risks.
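Added example, not code from the article or from any vendor: a small POSIX-shell check for item 4. verify_sha256 compares a downloaded file against the SHA-256 a vendor publishes and works on macOS and Linux alike; assess_macos_app wraps Apple's own xattr, codesign and spctl tools and only runs on macOS. The file names and hash value in the usage comments are placeholders.

```shell
#!/bin/sh
# Added example: verify a downloaded installer before opening it.

# Compare a file's SHA-256 with the value published by the vendor.
# Returns 0 on match, 1 on mismatch. Hash strings are compared case-insensitively.
verify_sha256() {
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | awk '{print $1}')
  else
    # macOS ships shasum rather than sha256sum
    actual=$(shasum -a 256 "$file" | awk '{print $1}')
  fi
  [ "$actual" = "$expected" ]
}

# macOS only: show the quarantine attribute (records where the file came from),
# verify the code signature, and ask Gatekeeper whether it would allow execution.
# Returns non-zero if the signature check or the Gatekeeper assessment fails.
assess_macos_app() {
  app=$1
  echo "quarantine: $(xattr -p com.apple.quarantine "$app" 2>/dev/null || echo none)"
  codesign --verify --deep --strict --verbose=2 "$app" || return 1
  spctl --assess --type execute --verbose=4 "$app"
}

# Usage (placeholder paths and hash):
#   verify_sha256 ~/Downloads/Telegram.dmg <sha256 from the vendor's download page> && echo "checksum OK"
#   assess_macos_app /Applications/Telegram.app
```

A checksum only proves that the file matches the value you obtained from the vendor's own site over HTTPS, not a value printed on the same page that served the download. The signature and Gatekeeper checks are what flag an unsigned or ad-hoc-signed binary; lures built around cracked software typically rely on the user overriding exactly that prompt.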

Why It Matters

With macOS gaining popularity, malware targeting this platform is becoming more sophisticated. The Banshee attack highlights the need for users to remain vigilant and adopt proactive security measures.

Stay safe, stay informed, and remember: cybersecurity is a shared responsibility.

TALK TO AN EXPERT

Contact us today for guidance on how to protect your organization and achieve cyber resilience.


SIGN UP

Subscribe for industry news, in-depth blog posts, and Odyssey-exclusive updates delivered directly to your inbox.