Banshee: The Stealer That "Stole Code" From MacOS XProtect

Published 09/01/2025 15:08 · Modified 09/01/2025 15:41

Essential information

Published
09/01/2025 15:08
Modified
09/01/2025 15:41
Tags
2025-01-09 banshee cryptocurrency github lumma stealer macos phishing string encryption xprotect
Related entities
25 observables, 1 intrusion sets (apt), 22 techniques (mitre), 2 malware

Description

A new version of the Banshee stealer, linked to Russian-speaking cybercriminals, has been monitored since September. This version went undetected for over two months because it used a string encryption algorithm identical to the one in Apple's XProtect antivirus engine. The malware targets browser credentials, cryptocurrency wallets, and other sensitive information. It was distributed through malicious GitHub repositories and websites, often masquerading as popular software. The stealer-as-a-service operation, priced at $3,000, was advertised on Telegram and dark web forums before shutting down in November 2024 after its source code leaked. Despite this, threat actors continue to distribute updated versions, highlighting the growing trend of targeting macOS users.

External references