Banshee Malware Uses Apple Encryption to Evade Detection
🦇 Banshee malware exploits Apple’s encryption to evade detection on macOS. The macOS infostealer known as Banshee has been circulating since July, sold primarily on Russian cybercrime marketplaces as a “stealer-as-a-service” for $1,500. It is designed to extract credentials from various browsers and cryptocurrency wallet extensions. Early versions were packaged in plaintext, which left them exposed to antivirus detection. A more sophisticated variant emerged in September that uses the same encryption algorithm as Apple’s XProtect, which allowed it to evade detection for months. Following the leak of its source code in November, Banshee campaigns have been identified spreading primarily through GitHub and phishing sites. Experts warn that macOS users must remain vigilant, as new threats may arise from this malware’s exposure.
