Researchers identify an advanced version of the Banshee Stealer malware for macOS that circumvents the antivirus and steals information

Jan. 9 (Portaltic/EP) –

A new advanced version of the Banshee Stealer malware is capable of bypassing XProtect, the antivirus integrated into macOS computers, by introducing encryption that makes it difficult to detect, allowing the theft of sensitive data and cryptocurrency wallet credentials.

Banshee Stealer is malicious software designed to steal personal data from users of macOS devices. Although its source code was leaked in November last year and it was revealed that its malicious operations had officially ceased, researchers from cybersecurity company Check Point Research have now identified new active campaigns of this ‘malware’.

Specifically, researchers have detailed that the new Banshee Stealer campaigns have been identified through ‘phishing’ attacks distributed on web pages and aimed at macOS devices. Once the victim falls for the ‘phishing’ attack, the cybercriminals introduce an encryption inspired by Apple’s XProtect on macOS computers, which makes it difficult for its antivirus systems to identify the infiltration of the ‘malware’.

Thus, it is a “more sophisticated and stealthy” version of Banshee Stealer, as specified by Check Point in a statement, with which, by circumventing the antivirus, cybercriminals can steal sensitive data and credentials from cryptocurrency wallets of affected users.

It must be taken into account that wallets such as Trust Wallet, MetaMask and Coinbase Wallet are among the main targets and, according to Check Point based on a report by Dune Analytics, wallets like Trust Wallet have nearly 170 million users around the world. This is why these cyberattack campaigns can affect a large number of users globally.

In this context, researchers have clarified that, given the increase in the use of cryptocurrency wallets based on macOS, “it is more important for users to adopt proactive cybersecurity measures”. This is because, although the XProtect antivirus offers effective protection in most cases, the sophistication of the ‘malware’ “requires greater vigilance and layered security” to face new threats.

OPERATIONS EXPAND TO INCLUDE RUSSIAN USERS

In addition to all this, the researchers have highlighted another novelty in this new version of Banshee Stealer, which is the removal of Russian language verification. This feature caused the previous version of the ‘malware’ to stop its operations when that language was detected and, therefore, not affect Russian users.

Now, the new ‘malware’ campaigns do not identify this language and, therefore, they lack geographical or political restrictions when attacking, further expanding the potential reach of the ‘malware’ and its global threat.

This change also indicates a new direction in the attack strategy, suggesting that “there are new cybercriminals who are using this ‘malware’ to impact users”, as explained by the cybersecurity company.

INCREASE IN SOPHISTICATION

With all this, as the Security Research Group Manager of Check Point Research, Eli Smadja, has concluded, this new version of Banshee Stealer demonstrates that devices with the macOS operating system are exposed to attacks “just like any other operating system.” This is because “modern malware campaigns” target both macOS and Windows users and “are growing in sophistication”.

Likewise, he has warned that, in addition to not being limited to a single operating system, these attacks are designed to “exploit common human vulnerabilities, not platform-specific flaws”, so special caution is recommended at the user level against social engineering attacks such as ‘phishing’ or false software updates.

Likewise, the cybersecurity company has also stressed that this discovery puts on the table “the constant danger of leaked malware”, which continues to drive cyberattacks “even after official operations cease.”
