Check Point Research has identified a new version of the Banshee macOS stealer. This malware, linked to Russian-speaking cybercriminals, employs a string encryption algorithm identical to the one used by Apple’s XProtect antivirus engine. Banshee operates as a ‘stealer-as-a-service’ and targets macOS users, stealing browser and login credentials, cryptocurrency wallets, and other sensitive information. Its distribution methods include malicious GitHub repositories and phishing websites. This incident highlights the increasing sophistication of macOS malware and the use of legitimate security algorithms for malicious purposes.