A new strain of stealer malware, known as Banshee Stealer, has emerged as a significant threat to Apple macOS systems. Priced at $3,000 per month on the dark web, this sophisticated malware targets both x86_64 and ARM64 architectures, making it highly versatile. Banshee Stealer is designed to compromise a wide array of web browsers, including Google Chrome, Mozilla Firefox, Brave, and Microsoft Edge, as well as various cryptocurrency wallets. It also affects around 100 browser extensions, highlighting its broad reach and potential impact.
Banshee Stealer is equipped to extract a variety of sensitive information from compromised systems. It collects data from iCloud Keychain passwords and Notes, and employs advanced techniques to evade detection. The malware utilizes anti-analysis and anti-debugging measures to determine if it’s running in a virtual environment, further complicating efforts to identify and neutralize it. Additionally, it leverages the CFLocaleCopyPreferredLanguages API to avoid infecting systems where Russian is the primary language, showcasing its strategic approach to evasion.
One of the key features of Banshee Stealer is its ability to deceive users into revealing their system credentials. It uses the macOS osascript utility to display fake password prompts, tricking users into entering their passwords for privilege escalation. The malware can also collect and exfiltrate various file types, such as .txt, .docx, and .wallet, from the Desktop and Documents folders. This collected data is then compressed into ZIP archives and sent to a remote server, emphasizing the malware’s capability to steal a wide range of sensitive information.
The discovery of Banshee Stealer underscores the growing focus on macOS systems by cybercriminals, paralleling the rise of other macOS-specific malware strains. This development comes amid reports of similar threats, such as a macOS stealer that utilizes SwiftUI and Apple’s Open Directory APIs to capture user credentials. As cybercriminals continue to target both macOS and Windows platforms, users are advised to remain vigilant, implement robust security measures, and keep their systems updated to defend against these evolving threats.
Reference:
