• This devious macOS malware is evading capture by using Apple's own encryption

    From TechnologyDaily@1337:1/100 to All on Friday, January 10, 2025 17:15:06
    This devious macOS malware is evading capture by using Apple's own encryption

    Date:
    Fri, 10 Jan 2025 17:05:00 +0000

    Description:
    The Banshee infostealer is now also targeting new victims.

    FULL STORY ======================================================================
    - Security researchers from Check Point Research recently found a new variant of the Banshee malware
    - The new variant uses encryption that allows it to blend with regular macOS operations
    - The campaign went unabated for two months

    Cybersecurity researchers from Check Point Research recently uncovered a new version of the Banshee infostealer, capable of bypassing Apple's built-in malware protection to grab sensitive data.

    Banshee is a macOS-focused malware which emerged in mid-2024, designed to extract sensitive information such as system details, browser data, and cryptocurrency wallet information. Initially sold as a stealer-as-a-service for $3,000 per month, its source code was leaked in November 2024, leading to its broader dissemination.

    Despite the operation being shut down, Banshee continued to live on, being both developed and distributed by various hacking collectives.

    Distribution through GitHub

    Now, the new version seems to be somewhat more dangerous, and is most likely built by a different threat actor. According to the researchers, Banshee now uses string encryption taken from Apple's XProtect, allowing it to blend with normal device operations and avoid being detected. XProtect is macOS's built-in antivirus system that identifies and blocks known malware using regularly updated signature-based detection.

    Furthermore, it no longer avoids Russian users, which could signal that it was built by a different team. This latest campaign seems to have started in September 2024, and continued unobserved for roughly two months.

    While it is impossible to know exactly how many devices are infected with Banshee, we do know that it's being distributed via GitHub repositories. Threat actors are impersonating legitimate software, and are betting on software developers being careless when downloading content from the open-source platform.

    Check Point says that the same operators are also going after Windows users, but through Lumma Stealer, not Banshee. The researchers also stressed that macOS continues to gain popularity, thus becoming an increasingly attractive target.

    "Despite its reputation as a secure operating system, the rise of sophisticated threats like the Banshee MacOS Stealer highlights the importance of vigilance and proactive cyber security measures," they concluded.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-macos-malware-is-evading-capture-by-using-apples-own-encryption


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)