New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data


A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk by exploiting Apple’s own security tools to avoid detection. The malware, which targets credentials, cryptocurrency wallets, and other personal data, has been described by security researchers as a significant threat to macOS users.

Check Point Research first detected the original Banshee malware, a malware-as-a-service offering targeting macOS devices, in mid-2024. The latest strain, which remained undetected for over two months, uses a string encryption algorithm lifted directly from Apple’s XProtect antivirus system. Since antivirus programs expect to see this type of encryption from Apple’s legitimate security tools, they didn’t flag the malware as suspicious.

The malware’s source code leaked on underground forums in late 2024, leading to new variants developed by other cybercriminals. Check Point researchers have since tracked multiple campaigns distributing Banshee through phishing websites and fake GitHub repositories posing as popular software like Chrome or Telegram. Some campaigns targeted both Mac and Windows users, with Windows devices being hit by another malware called Lumma Stealer.

The Banshee malware can steal browser credentials, cryptocurrency wallet details, user passwords, and sensitive file data by tricking users into entering their macOS passwords via fake system prompts. “This stealthy malware doesn’t just infiltrate; it operates undetected, blending seamlessly with normal system processes,” said Check Point researchers.

Experts warn that no operating system is immune to threats. Users should be cautious about what they download and consider pairing Apple’s built-in XProtect antivirus with additional antivirus software to protect their devices from increasingly sophisticated malware.
