MacOS : BANSHEE malware is a macOS-based infostealer

Topic

New Reply

https://www.elastic.co/security-labs/beyond-the-wail

The BANSHEE malware is a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets.

In August 2024, a novel macOS malware named “BANSHEE Stealer” emerged, catching the attention of the cybersecurity community. Reportedly developed by Russian threat actors, BANSHEE Stealer was introduced on an underground forum and is designed to function across both macOS x86_64 and ARM64 architectures.

This malware presents a severe risk to macOS users, targeting vital system information, browser data, and cryptocurrency wallets.

With a steep monthly subscription price of $3,000, BANSHEE Stealer stands out in the market, particularly compared to known stealers like AgentTesla…

2 users thanked author for this post.

BobbyB, DrBonzo

Reply | Quote

Replies

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

“The web browsers and crypto wallets targeted by the malware comprise Safari, Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, OperaGX, Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger.”

1 user thanked author for this post.

DrBonzo

Reply | Quote

I wish authors of articles like these would offer some guidance to consumers regarding whether or not Apple has provided a patch, how likely it is to fall prey to the malware, whether or not somone needs physical access to a computer, etc. If this sort of information is in these articles it’s not very obvious.

1 user thanked author for this post.

b

Reply | Quote

DrBonzo wrote:

I wish authors of articles like these would offer some guidance to consumers regarding whether or not Apple has provided a patch

In August 2024, a novel macOS malware named “BANSHEE Stealer” emerged…

Have you received a patch ? A patch for what exactly ?

Don’t download software from 3rd party stores.
Don’t install browsers add-ons from 3rd party stores.
Don’t click on unknown links…
Update MacOS to the latest supported version.

1 user thanked author for this post.

DrBonzo

Reply | Quote

The latest patch I’ve been offered is from July 29 for Monterey 12.7.6 and there’s no mention of Banshee in the patch announcement. If the authors of the articles know of a Banshee patch for Macs I want them to inform their readers of it.

Your 4 suggestions are all well taken advice, but they aren’t specific to avoiding Banshee. Does an attacker need to have physical access to my Mac? Does an attacker need to breach my router or home network? Other similar questions as well. Maybe answers to these questions are obvious to a reader more knowledgeable than I – or maybe not, but in either case the answers would be useful to the Mac community.

Reply | Quote

Here is a non-technical explanation.
https://appleinsider.com/articles/24/08/16/banshee-stealer-malware-haunts-browser-extensions-on-macos

1 user thanked author for this post.

DrBonzo

Reply | Quote

From PKCano’s link above :

To macOS users, there’s no specific instructions to help this particular attack vector, other than good computing hygiene. Ensuring you know downloads come from legitimate sources, being wary about unexpected email attachments, and being more thoughtful about installations will take many users far.

1 user thanked author for this post.

DrBonzo

Reply | Quote

DrBonzo wrote:

The latest patch I’ve been offered is from July 29 for Monterey 12.7.6 and there’s no mention of Banshee in the patch announcement

In August 2024, a novel macOS malware named “BANSHEE Stealer” emerged…

1 user thanked author for this post.

DrBonzo

Reply | Quote