CyberSecurity news
MalBot@malware.news - 51d
Check Point Research has identified a new version of the Banshee macOS stealer, a malware family linked to Russian-speaking cyber criminals that targets macOS users. This updated version of Banshee uses the same string encryption algorithm as Apple's XProtect antivirus engine, which helps it evade detection. The stealer is sold as a 'stealer-as-a-service' and is used to steal browser credentials, cryptocurrency wallets, user passwords, and sensitive file data. It was initially distributed through malicious GitHub repositories and phishing websites, which also targeted Windows users with Lumma Stealer.
The Banshee malware has gone through a number of changes: its original source code was leaked on underground forums, which ultimately led the author to shut down their operations. Despite the shutdown, threat actors continue to distribute this new version of Banshee via phishing websites. The malware infiltrates macOS systems using anti-analysis techniques that evade debugging tools and antivirus engines, and it blends into legitimate processes. It can compromise cryptocurrency wallets, steal sensitive data, and trick users into revealing their passwords with fake pop-ups.
References:
- Check Point Research: Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users.
- malware.news: Banshee: The Stealer That “Stole Code” From MacOS XProtect
- research.checkpoint.com: Banshee: The Stealer That “Stole Code” From MacOS XProtect
- securityonline.info: Malware Alert: Banshee Stealer Targets macOS Users
- www.bleepingcomputer.com: Banshee stealer evades detection using Apple XProtect encryption algo
- www.sentinelone.com: Banshee: The Stealer That “Stole Code” From MacOS XProtect
- Thomas Roccia: 🧐 CheckPoint recently released a macOS malware analysis report about the Banshee Stealer!
- it-online.co.za: Banshee Stealer targets macOS users
- ciso2ciso.com: Banshee 2.0 Malware Steals Apple’s Encryption to Hide on Macs – Source: www.darkreading.com
- securityaffairs.com: Banshee macOS stealer supports new evasion mechanisms
- 9to5Mac: Security Bite: macOS malware ‘Banshee’ found using Apple’s own code to evade detection
- ciso2ciso.com: Banshee Stealer Hits macOS Users via Fake GitHub Repositories – Source: hackread.com
- Latest from TechRadar: This devious macOS malware is evading capture by using Apple's own encryption
- ciso2ciso.com: Malware targets Mac users by using Apple’s security tool – Source: www.csoonline.com
Classification:
- HashTags: #BansheeStealer #macOSMalware #XProtect
- Company: Apple
- Target: macOS Users
- Attacker: Russian-speaking cyber criminals
- Product: XProtect
- Feature: String Encryption
- Malware: Banshee Stealer
- Type: Malware
- Severity: Major