A new version of the info-stealing malware known as “Banshee” has been targeting browser credentials, cryptocurrency wallets, passwords, and other data belonging to macOS users for at least the past four months, according to new research shared this week.
Check Point researchers found the new version targets anyone using a Mac and can be downloaded mainly through malicious GitHub uploads, but also through other websites (GitHub’s policies don’t allow malware, but that doesn’t mean there isn’t any malware on GitHub). This latest Banshee malware often poses as the Telegram messaging app or the Google Chrome browser, two popular apps other malware attackers often pose their malware as to trick victims. In September, this variant appeared that uses a string encryption algorithm from Apple itself, XProtect, to try to go undetected.
This malware targets your web browser activity in Chrome, Brave, Edge, or Vivaldi. It also attempts to swipe your crypto if you have any crypto wallet browser extensions installed and may present macOS victims with fake login screens in an effort to swipe their usernames and passwords to use, ultimately, to steal accounts and funds. It’ll target your Coinbase, Ronin, Slope, TON, MetaMask, and a slew of other crypto wallet extensions if you have them.
In November, Banshee source code was leaked online. This may have helped antivirus firms ensure their software detects this sneakier version in the months since. Prior versions of this malware have been sold as “stealer-as-a-service” malware on cybercriminal channels, including Telegram channels run by attackers, for $3,000 per “license.”
To stay protected from info-stealer malware, it’s a good idea to consider getting a crypto hardware wallet like one from Ledger or Trezor if you have over $1,000 in crypto. In general, it’s also a good practice to avoid storing more than $1,000 in any browser extension-based crypto wallet (you can also store funds with an exchange like Coinbase, Robinhood, or Kraken). Never store passwords in an unprotected digital document on your computer (no Google docs), and consider only storing your crypto seed phrases with pen and paper in a safe or locked box at home.
Recommended by Our Editors
Even if you don’t own any crypto, it’s worth considering an antivirus software with real-time protection. Or, you can use a comprehensive software and download blocker like CyberLock. Blockers like this are different from antivirus programs because they can be customized to block any download or program to run that you don’t approve yourself. This means that even if you approved the malware to be installed, the lock could stop malware from running scripts or installing other malicious software without your knowledge.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Kate Irwin
Reporter
