macOS Browsers Threatened by Banshee Stealer Malware | Several.com

New macOS Malware Banshee Stealer Hits Web Browsers


August 19, 2024

Cybersecurity researchers have uncovered a new and highly sophisticated strain of stealer malware targeting Apple macOS systems, named Banshee Stealer. This malware poses a significant threat due to its ability to target over 100 popular browser extensions, various web browsers, and cryptocurrency wallets. The malware has been spotted in underground forums, being offered for a steep price of $3,000 per month, making it accessible to only the most serious cyber criminals.

Banshee Stealer is designed to operate on both x86_64 and ARM64 architectures, providing broad compatibility across macOS devices. Its primary function is to steal sensitive data, including passwords, cookies, browsing history, and cryptocurrency wallet information. The malware targets a wide range of web browsers such as Safari, Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, and OperaGX. It also focuses on cryptocurrency wallets like Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger.

One of the standout features of Banshee Stealer is its use of the macOS osascript utility to display fake password prompts, tricking users into revealing their system credentials. This method allows the malware to escalate privileges, giving it deeper access to the infected system. Additionally, it employs various anti-analysis and anti-debugging techniques to evade detection, particularly by checking if it's running in a virtual environment. It also uses a script to avoid infecting systems where Russian is the primary language, indicating a strategic evasion tactic aimed at avoiding scrutiny from Russian cybersecurity entities.

How to detect if you have the Banshee Stealer malware

Detecting Banshee Stealer on your macOS system requires a combination of vigilance and the use of specialized tools. Here are some key steps to identify if your system might be compromised:

  • Unexpected Password Prompts: Banshee Stealer is known to use the osascript utility to display fake password prompts. If you notice any unusual requests for your system password, especially if they appear out of context, this could be a red flag.
  • System Slowdowns: Malware often consumes system resources, leading to unexplained slowdowns or crashes. If your Mac has started to perform poorly without a clear reason, this could indicate malware activity.
  • Cookie and History Theft: Since Banshee Stealer targets cookies and browsing history, if you notice missing history entries or unexplained logouts from websites, it might indicate that your data has been stolen.
  • Monitor Network Traffic: Advanced users can use tools like Little Snitch or Wireshark to monitor network traffic. Banshee Stealer exfiltrates data to remote servers, so detecting unusual outgoing connections could help identify its presence.
  • Check Activity Monitor: Use the Activity Monitor on your Mac to look for unfamiliar or suspicious processes. Banshee Stealer may be running processes that you don't recognize. Pay attention to anything consuming a lot of CPU or memory that doesn't correspond to software you knowingly installed.
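
For the first item above, the check can be automated over process-execution records. This is an added example, not part of the original article or any vendor's tooling: it flags osascript command lines that raise a masked input dialog. The sample events, process names and severity labels are constructed, and it assumes the prompt is built with AppleScript's standard `display dialog` command and its `hidden answer` option.

```python
import os
import re
import shlex

# Constructed sample events: (pid, parent process, command line).
SAMPLE_EVENTS = [
    (501, "Finder", "/usr/bin/osascript -e 'tell application \"Finder\" to activate'"),
    (612, "updater_helper",
     "osascript -e 'display dialog \"macOS needs your password to continue\" "
     "default answer \"\" with hidden answer'"),
    (733, "Terminal", "/usr/bin/osascript -e 'display dialog \"Build finished\"'"),
    (840, "zsh", "/bin/ls -la /Users/alice"),
    (905, "installer_stub", "osascript -e 'display dialog \"Enter your password"),  # truncated
]

DIALOG = re.compile(r"\bdisplay\s+dialog\b", re.I)
HIDDEN = re.compile(r"\bhidden\s+answer\b", re.I)
LURE = re.compile(r"\b(password|passcode|credentials?)\b", re.I)

def classify(cmdline):
    """Return (severity, reasons); severity is None when the process is not osascript."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes, e.g. a log line cut off by the collector
        argv = cmdline.split()
    if not argv or os.path.basename(argv[0]) != "osascript":
        return None, []
    script = " ".join(argv[1:])
    reasons = [name for name, rx in (("display dialog", DIALOG),
                                     ("hidden answer", HIDDEN),
                                     ("password wording", LURE)) if rx.search(script)]
    if {"display dialog", "hidden answer"} <= set(reasons):
        return "high", reasons      # masked input box raised from a script
    if {"display dialog", "password wording"} <= set(reasons):
        return "medium", reasons    # dialog that asks for a password in its text
    return "info", reasons

def triage(events):
    """Keep only osascript events that look like a credential prompt."""
    findings = []
    for pid, parent, cmdline in events:
        severity, reasons = classify(cmdline)
        if severity in ("high", "medium"):
            findings.append({"pid": pid, "parent": parent,
                             "severity": severity, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The parent process recorded with each finding is the pivot for follow-up: a password dialog raised by osascript from a process the user did not knowingly launch warrants investigation.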

Preventive measures

To mitigate the risk posed by Banshee Stealer, users are advised to follow several best practices. First, always ensure that you install software and browser extensions exclusively from trusted sources, such as reputable developers and official marketplaces. This minimizes the risk of inadvertently introducing malware to your system. 

Regularly updating your macOS and all installed applications is also essential, as software updates often include patches for vulnerabilities that could otherwise be exploited by malicious actors. In addition to these precautions, it's vital to employ reliable security tools, such as reputable antivirus and anti-malware software, to detect and block potential threats before they can cause harm.

Exercise caution when dealing with emails and links, especially from unknown sources, as these can often be vehicles for malware delivery. Finally, regularly back up important data to secure locations, ensuring that you can recover your files in case of a malware infection or other data loss events. By following these steps, you can significantly reduce the risk of falling victim to malware like Banshee Stealer.
