Apple device users are currently facing new malware that seeks to steal browser data, cryptocurrency wallets and other personal information. It is a new version of the Banshee malware.
According to security researchers at Check Point, who discovered and analyzed the new malware, around 100 million Apple users could potentially be affected. The current version of the malware attacks macOS systems, so iPhone and iPad users do not appear to be in direct danger.
Discovered around the middle of 2024, the first “Banshee MacOS Stealer” spyware was offered to thieves as a malware-as-a-service platform that they could rent. The variant at the time had been monitored since September and used sophisticated techniques to remain undetected for months.
Among other things, the malware used an encryption method taken from Apple's own XProtect security software. This made its activities look like legitimate processes and allowed it to evade common security controls.
It was not until November, after the source code was published in underground forums, that the spread of the original version was stopped. But Check Point warned even then that new variants would emerge – a prediction that has now come true. Attackers are currently using phishing websites and fake GitHub repositories to disguise the malware as supposedly trustworthy software such as Chrome or Telegram.
Caution is important
The new Banshee variant is characterized by its ability to integrate seamlessly into the system and read sensitive data such as passwords, cryptocurrency wallets and files without being noticed. Particularly dangerous are deceptively real-looking pop-ups that trick users into revealing their macOS passwords. Browsers such as Chrome and Edge, as well as extensions for two-factor authentication, are also being targeted.
Check Point emphasizes that even Apple’s robust security measures do not guarantee absolute security. Users should be vigilant when downloading software and only obtain applications from trustworthy sources. Very similar attacks were also directed against Windows users, with similar malicious code being used in the form of malware called “Lumma Stealer”.
https://youtu.be/v29Hgmz57Xo?si=2eCWLVv62kpQAHTR