New warning for millions of Apple users issued.
Updated January 11, 2025: This article, originally published on January 10, now includes comments from a number of security experts on the new Banshee Stealer threat for Apple macOS users.
Although Windows users are historically more likely to be targeted by cyber attackers, and when it comes to Apple, most security-related stories we read tend to involve the iPhone one way or another, new research suggests that 100 million macOS users are firmly in the crosshairs as cybercriminals seek to exploit the growing popularity of the operating system. Here’s what you need to know about the recently discovered Banshee Stealer threat variant.
What 100 million Apple users need to know about Banshee Stealer
A new variant of the macOS Banshee Stealer threat, capable of hijacking browser credentials, cryptocurrency wallets and other sensitive data, has been monitored by security researchers since late last year. Today, threat intelligence experts at Check Point Research released a new report warning 100 million users of the real and present dangers posed by this nasty hacking attack campaign.
I’m a relatively recent convert to the world of macOS, having purchased the MacBook Pro a few years ago, largely due to the security protections that the Apple ecosystem provides. I’m not blind to the fact that this doesn’t mean that everyone using macOS is somehow immune to attacks; that’s simply not the case. The Banshee Stealer is proof enough, if anyone doubted it, that such Theft-as-a-Service threats apply to Apple users as much as anyone else.
“For $3,000,” Check Point researchers said, “malicious actors could purchase this malware to target macOS users,” with criminal developers having “stolen a string encryption algorithm from Apple’s XProtect antivirus engine, which replaced the plain text strings used in the original version.” This likely made it easier for Banshee to avoid detection. However, when the malware’s source code was leaked to the dark web in late 2024, the service was shut down. Check Point said at the time that this would lead to the emergence of new variants developed by other threat actors; that has proven to be true.
Security experts speak out on the latest Banshee Apple macOS attacks
The return of Banshee Stealer malware, with its enhanced ability to evade antivirus detection, poses a significant risk to organizations using macOS devices, according to Eric Schwake, director of cybersecurity strategy at Salt Security. “Despite the common belief that Macs offer greater security,” Schwake said, “this incident highlights that organizations must adopt strict security measures across all devices, regardless of their operating systems.” Only by taking a proactive stance on macOS security can organizations “reduce the risk from evolving threats like Banshee Stealer and protect their critical data and assets,” Schwake said. Such a proactive attitude involves implementing endpoint security solutions, enforcing strict password policies, educating staff about the risks of phishing and malware, and ensuring that all software is regularly updated with the latest security patches, Schwake concluded.
Meanwhile, Jaron Bradley, director of Jamf Threat Labs, warned that his own threat intelligence has observed a significant increase in credential theft campaigns that have gained momentum throughout 2023. “These campaigns have proven to be very effective, even on the macOS platform,” Bradley said. “The success of these thieves relies primarily on social engineering, where attackers convince users to carry out the attack themselves.” The lesson here is as obvious as it is old: no matter how robust the operating system’s security measures are, attackers can often circumvent them by presenting users with a compelling reason to act. “It also highlights that while Apple’s XProtect rules are effective at detecting known malware,” Bradley said, “they are closely monitored by malware authors, allowing them to adapt and evade detection in future iterations using creative methods.”
Apple macOS users need to take care or suffer security consequences
While admitting that Apple does a good job including robust security protections for macOS users, such as Gatekeeper, XProtect, and sandboxing, Check Point researchers cautioned that the rebirth and rise of Banshee Stealer is “a reminder that no operating system is immune to threats.” macOS users who ignore this warning do so at their own risk.
Indeed, Banshee works undetected and integrates seamlessly with perfectly normal system processes, all the while constantly stealing browser credentials, cryptocurrency wallets, user passwords and sensitive file data. “Even seasoned IT professionals have difficulty identifying its presence,” the Check Point report warns. “Banshee Stealer is not just another malware: it is a critical wake-up call for users to re-evaluate their security assumptions and take proactive steps to protect their data.”
The latest Banshee variant targets web browsers including Chrome, Brave, Edge, and Vivaldi, as well as browser extensions for cryptocurrency wallets. “It also leverages a two-factor authentication extension to capture sensitive credentials,” the report says, adding that it “uses convincing pop-ups designed to look like legitimate system prompts to trick users into typing their macOS passwords.”
“This new variant of Banshee Stealer reveals a critical gap in Mac security,” said Ms. Ngoc Bui, cybersecurity expert at Menlo Security. “As businesses increasingly adopt Apple ecosystems, security tools have not kept pace. We need a layered security approach, including more hunters trained on Mac environments.”
I contacted Apple for a statement.