Despite constant warnings, many Mac users have come to believe their computers are safe from malware attacks. A new threat targeting Mac users called Banshee Stealer, however, refutes that notion. As reported on by security firm Elastic Labs, Banshee Stealer targets popular browsers and crypto wallets and even attempts to steal data from iCloud Keychain passwords and Notes.
“Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat,” Elastic Security Labs said in a report on Thursday.
The new malware collects browser history, cookies, logins, and more, all from some of the most popular browsers and crypto wallets, including Microsoft Edge, Google Chrome, Mozilla Firefox, Electrum, Coinomi, Wasabi Wallet, and more.
Banshee Stealer incorporates measures to make it difficult for security researchers to find flaws in it or understand how it works. An interesting detail is that it uses the CFLocaleCopyPreferredLanguages API to detect the computer’s primary language. If the user sets the language to Russian, it avoids infecting the system.
However, the malware can also show users a fake password prompt to try to trick the user into entering their password to gain privilege escalation. After launching an app, the user will see a prompt and a message telling them to update system settings and to enter their password.
It can also grab info from files matching a number of different file formats, including .txt, .docx, .wallet, and more.
Broadcom-owned Symantec explained how it works in more detail: “It begins by running a Swift-based dropper that displays a fake password prompt to deceive users. After capturing credentials, the malware verifies them using the OpenDirectory API and subsequently downloads and executes malicious scripts from a command-and-control server.”
Like other malware, the Banshee Stealer is being sold, but the unusual thing is its hefty $3,000 a month price. Elastic Labs notes that this is quite a high price, especially compared to similar Windows malware.
This malware threat isn’t the first and won’t be the last. However, Mac users can take precautions to stay safe, such as being cautious about where they download files and always keeping their Mac updated since it contains critical security patches. And hey, some antivirus software isn’t a terrible idea either.
