
Banshee: The Stealer That "Stole Code" From MacOS XProtect

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A new version of the Banshee macOS stealer, linked to Russian-speaking cybercriminals, has been monitored since September. This version went undetected for over two months, using a string encryption algorithm identical to the one used by Apple's XProtect antivirus engine. The malware targets browser credentials, cryptocurrency wallets, and sensitive information. It was distributed through malicious GitHub repositories and phishing websites, often masquerading as popular software. The Banshee stealer-as-a-service operation, priced at $3,000, was advertised on Telegram and dark web forums before shutting down in November 2024 due to source code leakage. Despite this, threat actors continue to distribute updated versions, highlighting the growing trend of targeting macOS users.

OPENCTI LABELS:

phishing, macos, cryptocurrency, lumma stealer, github, string encryption, banshee, xprotect


Open in the NetmanageIT OpenCTI public instance with the link below.

Use the public read-only username and password shown on the login page banner.


Banshee: The Stealer That "Stole Code" From MacOS XProtect