Even seasoned IT professionals struggle to identify its presence. Banshee stealer isn’t just another piece of malware—it’s a critical warning for users to reassess their security assumptions and take proactive measures to safeguard their data.
What is Banshee malware?
Banshee macOS Stealer was first uncovered by Check Point around mid-2024. It was advertised as a “stealer-as-a-service” on underground forums such as XSS and Exploit, and on Telegram, where threat actors could purchase the malware to target macOS users.
A new, undetected version of Banshee was found in late September. It had stolen a string encryption algorithm from Apple’s XProtect antivirus engine and also replicated the plain-text strings used in the original version.
In plain terms, these changes allowed Banshee to evade detection by antivirus software for over two months, because antivirus software expected to see this behaviour from Apple’s own security software.
During this time, Banshee was distributed through many phishing websites and malicious GitHub repositories, posing as popular software such as Google Chrome, Telegram and TradingView.
However, things took an interesting turn in November 2024 when Banshee’s source code was leaked on an underground forum. The leak allowed antivirus software makers to prepare for the malware, leading to better detection of it and greater awareness of new variants being developed by other actors.