Security researchers have identified a new information stealer targeting Apple macOS, called Banshee Stealer. The malware is sold on dark web marketplaces for a steep $3,000 per month and runs on both x86_64 and ARM64 (Apple silicon) Macs.
Elastic Security Labs reports that Banshee Stealer goes after a wide range of data: it can harvest credentials and session data from many web browsers, cryptocurrency wallets, and roughly 100 browser extensions. Targeted browsers include Safari, Chrome, and Firefox; targeted wallets include Exodus, Electrum, and Ledger.
The malware also collects system information, extracts passwords stored in the iCloud Keychain, and grabs the contents of Notes. It includes anti-analysis checks to detect virtual machines and sandboxes, and it checks the system language setting and skips systems whose primary language is Russian.
Like other macOS threats such as Cuckoo and MacStealer, Banshee Stealer relies on social engineering to obtain the user's password and the elevated access that comes with it, displaying a fake system password prompt. It also collects files of selected types from the Desktop and Documents folders, compresses the stolen data, and uploads the archive to a remote server.
Elastic Security Labs notes that Banshee Stealer is further evidence that malware authors are investing in macOS as threat actors increasingly set their sights on Apple's operating system.
Symantec, a Broadcom company, describes how the infection chain works: a Swift-based dropper displays a fake password dialog, verifies the entered password against the local user account through the OpenDirectory API, and then downloads and executes malicious scripts from a command-and-control server.
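For defenders, the behaviours described above (a dropper launched from an untrusted location, a locale check, a fake password prompt, archiving of Desktop and Documents, and an outbound connection after the archive is built) are more useful as a chain than as single indicators, because any one of them also occurs in benign software. The script below is an added example, not code from the article, Elastic Security Labs or Symantec. It models macOS process and network telemetry as a simple event list (the `Event` schema and the sample events are constructed for this example, not real EDR output), groups events by process lineage, and only reports a root process when several of the behaviours line up. The `with hidden answer` pattern for the password prompt is an assumption that covers osascript-style dialogs; a native Swift prompt does not show up in a command line, so the chain deliberately does not depend on that single indicator.

```python
"""Behaviour-chain hunt over constructed macOS process telemetry.

Added example only. The Event schema, regexes and sample data are assumptions
modelled on generic EDR process/network events; they are not vendor rules.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float
    pid: int
    ppid: int
    proc: str          # executable path
    cmdline: str = ""  # full command line for exec events
    dst: str = ""      # "host:port" for network-connect events, "" otherwise


# Launch locations a freshly downloaded dropper tends to run from (assumption).
UNTRUSTED_ORIGIN = re.compile(r"^(/private)?/tmp/|^/Users/[^/]+/Downloads/|^/Volumes/")

# One pattern per behaviour the article attributes to the stealer.
INDICATORS = {
    "locale_check": re.compile(r"\bdefaults\b.*\b(AppleLanguages|AppleLocale)\b"),
    "cred_prompt":  re.compile(r"with hidden answer", re.I),   # osascript-style prompt
    "staging":      re.compile(r"\b(zip|ditto|tar)\b.*/(Desktop|Documents)\b"),
}


def lineage(root: Event, events: list[Event]) -> list[Event]:
    """Every event (exec or network) belonging to root or one of its descendants."""
    kids = defaultdict(list)
    for e in events:
        if not e.dst:                      # only exec events define parent/child links
            kids[e.ppid].append(e.pid)
    pids, stack = {root.pid}, [root.pid]
    while stack:
        for child in kids[stack.pop()]:
            if child not in pids:
                pids.add(child)
                stack.append(child)
    return sorted((e for e in events if e.pid in pids), key=lambda e: e.ts)


def hunt(events: list[Event], min_hits: int = 3) -> list[dict]:
    """Report untrusted root processes whose lineage shows >= min_hits behaviours."""
    findings = []
    for root in (e for e in events if not e.dst and UNTRUSTED_ORIGIN.search(e.proc)):
        chain = lineage(root, events)
        hits = {name for e in chain for name, rx in INDICATORS.items() if rx.search(e.cmdline)}
        # Exfiltration only counts when a connection follows the archive step.
        staged_at = min((e.ts for e in chain if INDICATORS["staging"].search(e.cmdline)),
                        default=None)
        if staged_at is not None and any(e.dst and e.ts > staged_at for e in chain):
            hits.add("exfil_after_staging")
        if len(hits) >= min_hits:
            findings.append({"root": root.proc, "pid": root.pid, "behaviours": sorted(hits)})
    return findings


# Constructed sample telemetry: one stealer-like chain and one benign backup tool.
SAMPLE = [
    Event(1.0, 500, 1,   "/Users/alice/Downloads/Installer.app/Contents/MacOS/Installer", "Installer"),
    Event(1.2, 501, 500, "/usr/bin/defaults", "defaults read -g AppleLanguages"),
    Event(1.5, 502, 500, "/usr/bin/osascript",
          "osascript -e 'display dialog \"Enter password\" default answer \"\" with hidden answer'"),
    Event(2.0, 503, 500, "/usr/bin/zip", "zip -r /tmp/out.zip /Users/alice/Desktop /Users/alice/Documents"),
    Event(2.5, 500, 1,   "/Users/alice/Downloads/Installer.app/Contents/MacOS/Installer", dst="203.0.113.10:443"),
    Event(3.0, 600, 1,   "/Applications/Backup.app/Contents/MacOS/Backup", "Backup"),
    Event(3.1, 601, 600, "/usr/bin/tar", "tar czf /Volumes/ext/docs.tgz /Users/alice/Documents"),
    Event(3.2, 600, 1,   "/Applications/Backup.app/Contents/MacOS/Backup", dst="192.0.2.5:443"),
]

if __name__ == "__main__":
    for f in hunt(SAMPLE):
        print(f"pid {f['pid']} {f['root']}: {', '.join(f['behaviours'])}")
```

Only the chain rooted in the Downloads folder is reported; the backup tool archives Documents and connects out too, but it runs from /Applications and shows no locale check or password prompt. Removing the osascript event still leaves three behaviours, so a Swift dropper whose prompt is invisible to command-line telemetry is still caught by the locale check, the staging step and the follow-on connection.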
These developments come alongside the continued spread of Windows-based stealers such as Flame Stealer, and the abuse of AI-themed lures, including fake websites impersonating OpenAI's Sora tool to distribute Braodo Stealer.