New MacOS Malware Steals Data Using Apple's Own Code – How to Stay Safe
Although Macs are targeted by hackers less frequently than Windows PCs, they are not immune to attacks. Check Point Research recently issued a warning to 100 million Apple users about a new variant of the Banshee malware. This version is capable of stealing sensitive information, including browser credentials, cryptocurrency wallets, and other personal data.

Figure 1. New macOS Malware Uses Apple’s Code to Steal Data — Stay Safe
Check Point first identified the Banshee macOS Stealer, a malware-as-a-service targeting Mac users, in mid-2024. They have been tracking this latest variant, which remained undetected for over two months, since September. The malware used encryption methods borrowed from Apple’s own XProtect antivirus, making it blend in with legitimate security tools [1]. This technique helped the hackers avoid detection, allowing Banshee to quietly steal sensitive data from affected devices without triggering antivirus alerts. Figure 1 shows New macOS Malware Uses Apple’s Code to Steal Data — Stay Safe.
The Banshee macOS Stealer's strategy remained highly effective until its source code was leaked on underground forums in November 2024. Although the original service was shut down, Check Point had already warned that new variants would surface, which is exactly what we're witnessing now. The malware is being distributed through phishing websites and fake GitHub repositories, often masquerading as popular software like Chrome or Telegram. These malicious repositories were set up in three waves, designed to look legitimate with stars and reviews to trick users into downloading the malware. In some campaigns, hackers also targeted Windows users with a different malware, Lumma Stealer.
Check Point researchers highlighted the stealthy nature of the Banshee macOS Stealer, emphasizing that it operates undetected by blending into normal system processes while stealing sensitive data like browser credentials, cryptocurrency wallets, user passwords, and files. Once a device is compromised, the malware targets browsers like Chrome and Edge, along with cryptocurrency wallet extensions. It even exploits a Two-Factor Authentication extension to steal credentials and uses convincing pop-ups mimicking legitimate system prompts to trick users into entering their macOS passwords. Check Point warns that Banshee Stealer is a critical reminder for users to reassess their security measures and take proactive steps to protect their data.
How to Protect Yourself from Mac Malware
Check Point researchers emphasize that, despite Apple’s strong security features, "the rise of the Banshee stealer serves as a reminder that no operating system is immune to threats." So, how can you protect your Mac from malware like the Banshee macOS Stealer?
First, always be cautious when downloading apps, ensuring that the source is legitimate. While your Mac comes with built-in antivirus software (XProtect), it’s wise to complement it with a reputable third-party Mac antivirus solution [2]. Paid antivirus software often offers more frequent updates and added features, such as a VPN or password manager, to further secure your online activities.
References:
[1] https://www.yahoo.com/tech/macos-malware-uses-apples-own-021624432.html
[2] https://www.tomsguide.com/computing/online-security/new-macos-malware-uses-apples-own-code-to-quietly-steal-credentials-and-personal-data-how-to-stay-safe
Cite this article:
Janani R (2025), New MacOS Malware Steals Data Using Apple's Own Code – How to Stay Safe, AnaTechMaz, pp.97