On August 16, 2024, cybersecurity researchers discovered new malware called Banshee Stealer that specifically targets Apple macOS systems. This malware is extremely dangerous, as it can steal data from a wide range of browsers, cryptocurrency wallets and over 100 browser extensions.
Banshee Stealer, which is offered to the cybercriminal community at a price of $3,000 per month, is a versatile and dangerous threat for macOS. It targets browsers such as Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex and Opera, and crypto wallets such as Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. The malware is also capable of collecting system information, passwords and notes from iCloud Keychain. Banshee Stealer includes a number of anti-analysis and anti-debugging measures that allow it to avoid detection in virtual environments. To avoid infecting systems where Russian is the primary language, the malware checks the user's preferred languages through the CFLocaleCopyPreferredLanguages API.
Banshee Stealer uses osascript to display a fake password prompt to trick users into entering system passwords for elevation of privilege. In addition, it collects data from files with extensions .txt, .docx, .rtf, .doc, .wallet, .keys and .key from the Desktop and Documents folders, which are then exfiltrated in ZIP format to a remote server. This malware highlights the growing popularity of macOS among cybercriminals, especially after the emergence of other malware such as Cuckoo and MacStealer.
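The two behaviours described above can be correlated in endpoint telemetry. The following Python detection logic is an added example, not taken from the original report: it flags a process that both spawns osascript with a hidden-input dialog and opens several files with the listed extensions under Desktop or Documents. The event field names, the "hidden answer" dialog pattern and the three-file threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions and folders named in the article.
TARGET_EXTS = {".txt", ".docx", ".rtf", ".doc", ".wallet", ".keys", ".key"}
TARGET_DIRS = {"Desktop", "Documents"}
# Assumption: a password-style prompt is an AppleScript dialog that hides typed input.
PROMPT_RE = re.compile(r"display\s+dialog.*hidden\s+answer", re.I | re.S)
FILE_THRESHOLD = 3  # assumed tuning value, adjust to the environment

SAMPLE_EVENTS = [  # constructed telemetry with hypothetical field names
    {"type": "exec", "pid": 501, "ppid": 500, "image": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display dialog "Password:" default answer "" with hidden answer\''},
    {"type": "open", "pid": 500, "path": "/Users/alice/Desktop/seed.txt"},
    {"type": "open", "pid": 500, "path": "/Users/alice/Documents/wallet.keys"},
    {"type": "open", "pid": 500, "path": "/Users/alice/Documents/tax.docx"},
    {"type": "exec", "pid": 701, "ppid": 700, "image": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display dialog "Backup finished"\''},
    {"type": "open", "pid": 700, "path": "/Users/alice/Desktop/a.txt"},
]

def is_password_prompt(event):
    """True for an exec of osascript whose script asks for hidden input."""
    return (event["type"] == "exec"
            and PurePosixPath(event["image"]).name == "osascript"
            and bool(PROMPT_RE.search(event["cmdline"])))

def is_target_file(path):
    """True for /Users/<name>/(Desktop|Documents)/... with a listed extension."""
    p = PurePosixPath(path)
    return (len(p.parts) > 4 and p.parts[1] == "Users" and p.parts[3] in TARGET_DIRS
            and p.suffix.lower() in TARGET_EXTS)

def detect(events):
    """Return sorted pids that spawned a hidden-input prompt and opened many target files."""
    prompted, reads = set(), defaultdict(set)
    for ev in events:
        if is_password_prompt(ev):
            prompted.add(ev["ppid"])  # attribute the prompt to the parent process
        elif ev["type"] == "open" and is_target_file(ev["path"]):
            reads[ev["pid"]].add(ev["path"])
    return sorted(pid for pid in prompted if len(reads[pid]) >= FILE_THRESHOLD)

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Requiring both signals from the same process keeps legitimate osascript dialogs and ordinary document access from alerting on their own.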
With the growing number of threats like Banshee Stealer, macOS users should be extra careful when dealing with suspicious files and programs. Cybercriminals continue to develop new methods to steal data, making it important to maintain the highest standards of cybersecurity.