Time: 2025-01-14
According to Odaily, cybersecurity researchers at Check Point have identified a new macOS malware named Banshee that has successfully evaded antivirus detection for over two months by leveraging Apple's encryption schemes. Forbes has warned of the 'real danger' posed by this malware, while the New York Post, citing Check Point, reported that over 100 million Apple users could potentially be affected. However, Patrick Wardle, CEO of endpoint security startup DoubleYou, downplayed the threat, suggesting that the situation might be more hype than hazard. Although Banshee targets 'software-based encrypted wallets' and remains a concern, Wardle believes the malware has received excessive media attention.
Banshee operates as a 'steal-as-a-service' for $3,000, targeting cryptocurrency wallets and browser credentials. In November of last year, its source code was leaked on underground forums, leading its creators to abruptly shut down the service. The malware's distinctiveness lies in its ability to mimic Apple's XProtect antivirus string encryption algorithm, allowing it to operate undetected from late September to November 2024. Check Point's analysis indicates that this strategy enabled Banshee to evade security tools while attacking crypto users through malicious GitHub repositories and phishing sites.