Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Banshee macOS Malware Expands Targeting

The latest version of the Banshee macOS information stealer no longer checks if the infected systems have the Russian language installed.

macOS Malware

The Banshee macOS information stealer has been updated to expand its target list to systems using the Russian language, cybersecurity firm Check Point reports.

Banshee was first seen in mid-2024, when it was advertised on cybercrime forums for $3,000 per month, and is believed to have been created by Russian developers.

The malware can collect a wide range of data from macOS systems, including passwords, system information, keychain passwords, browser and browser plugin data, and cryptocurrency wallet information.

In November 2024, the stealer’s source code was leaked online and its developers allegedly shut down their operation as a result, but the malware continues to be distributed via phishing websites and fake GitHub repositories.

According to Check Point, a version of Banshee identified in September that had replaced the original plain text encryption algorithm strings with a string stolen from Apple’s own XProtect antivirus engine remained undetected by antivirus engines until November, when the malware’s source code was leaked.

“This leak not only exposed its inner workings but also led to better detection by antivirus engines. While this leak led to better detection by antivirus engines, it also raised concerns about new variants being developed by other actors,” Check Point notes.

The most significant change observed in the latest version of Banshee, however, is the removal of a Russian language check, which previously prevented the malware from executing on systems using Russian, but now no longer constrains it from targeting specific regions.

Check Point says it “has identified multiple campaigns still distributing the malware through phishing websites. Whether these campaigns are being carried out by previous customers or the author’s private group remains unclear”.

Advertisement. Scroll to continue reading.

Related: FireScam Android Malware Packs Infostealer, Spyware Capabilities

Related: ESET Distributor’s Systems Abused to Deliver Wiper Malware

Related: US, Australian Cybersecurity Agencies Publish List of 2021’s Top Malware

Related: ‘CDRThief’ Malware Targets Linknat Softswitches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.