Banshee, a malware linked to Russian-speaking cyber criminals targeting macOS users, went undetected for over two months until it was leaked on XSS forums. The malware used a string encryption algorithm identical to the one in Apple’s XProtect antivirus engine for macOS. Although the operation shut down after the leak, threat actors continue to distribute Banshee via phishing websites. The malware was also distributed through malicious GitHub repositories, which targeted Windows users with Lumma Stealer and macOS users with Banshee Stealer.
Banshee 2.0 Steals Apple’s Encryption to Hide on Macs
The macOS ‘Banshee’ infostealer has evaded antivirus software by using an encryption algorithm it stole from Apple. Primarily distributed via Russian cybercrime marketplaces, it is