The Banshee info-stealing malware has been upgraded to target browser credentials, cryptocurrency wallets, and passwords of macOS users for the last four months. Primarily distributed through malicious uploads on GitHub, Banshee often poses as the Telegram messaging app or Google Chrome browser to deceive users. The malware leverages a string encryption algorithm from Apple’s XProtect to stay undetected, and top antivirus firms have only recently understood its workings.

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The