Researchers have uncovered new variants of the "Banshee macOS Stealer", which initially bypassed antivirus detection through a unique string-encryption technique that mimics Apple's XProtect antivirus engine. The malware targets user credentials, browser data, and cryptocurrency wallets, and employs anti-analysis methods such as process forking. Distributed through phishing repositories masquerading as cracked software or Telegram downloads, the malware compresses and XOR-encrypts stolen data before exfiltrating it to a command-and-control (C&C) server concealed behind relay servers. Originally sold for up to $2,999, Banshee evolved into a service with a profit-sharing model before the leak of its source code led to new forks and increased detections. The campaign highlights the growing threat to macOS users, emphasizing the need for proactive security measures, threat intelligence, and updated defenses against evolving malware tactics.