Beyond the wail: deconstructing the BANSHEE infostealer

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

This analysis details the BANSHEE malware, a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets. Developed by Russian threat actors, it operates across macOS x86_64 and ARM64 architectures. The malware is designed to evade detection through anti-debugging measures and checks for virtualization and language settings. It collects user passwords, system information, browser data from various browsers, and data from around 100 browser extensions. Additionally, it targets cryptocurrency wallets like Exodus, Electrum, and Ledger. The collected data is compressed, encrypted, and exfiltrated to a remote server.

OPENCTI LABELS :

macos,infostealer,banshee stealer,c++,sysctl api



