Mac malware puts 100 million Apple users at risk of personal data theft
Apple’s Macs are generally considered more secure than Windows computers, but they are not immune to hackers. A number of incidents show that Macs are not bulletproof, and a new one has recently been added to the list. Security researchers have discovered a new variant of stealthy malware that targets browser credentials, cryptocurrency wallets and other personal information. I reported this malware in 2024 as well. Previously, it relied on macOS browser extensions to steal data. It now uses phishing websites and fake GitHub repositories to target Macs, which have a user base of 100 million people.
The evolution of information-stealing Mac malware
Cybersecurity company Check Point has discovered a new variant of the information-stealing malware BanShee. Elastic Security Labs first highlighted this malware in mid-2024, noting that it functions as malware-as-a-service, a business model where cybercriminals provide access to the malware and related infrastructure for a fee. At the time, it was available for as much as $3,000 a month.
Check Point says this malware evolved in September after it was exposed. This time, its developers “stole” the string encryption algorithm from Apple’s own XProtect antivirus engine and used it to replace the plaintext strings of the original version. Because antivirus programs expect this type of encryption from Apple’s legitimate security tools, the encrypted strings are not flagged as suspicious, allowing BanShee to remain undetected and quietly steal data from targeted devices.
How Mac Malware Works
BanShee Stealer is a prime example of how advanced malware has become. Once in the system, it immediately goes to work stealing all kinds of sensitive information. It targets data from browsers like Chrome, Brave, Edge, and Vivaldi, as well as cryptocurrency wallet extensions. It even exploits two-factor authentication (2FA) extensions to capture credentials. In addition, it collects details about the device’s software and hardware, as well as the external IP address.
The malware also shows users fake pop-ups that look like real system prompts, tricking victims into entering their macOS passwords. After collecting the stolen data, BanShee exfiltrates it to command and control servers, using encrypted and encoded files to ensure the data remains secure.
Malware creators used GitHub repositories to spread BanShee. They set up fake repositories that appeared to host popular software, complete with stars and reviews, to make them look trustworthy. These campaigns didn’t just target macOS users with BanShee. They also hit Windows users with a different malware called Lumma Stealer. Over three waves, attackers used these fake repositories to trick people into downloading their malicious files.
5 tips to protect yourself from Mac malware
Follow these essential tips to protect your Mac from the latest malware threats, including the infamous BanShee Stealer.
1) Have strong antivirus software: The best way to protect yourself from malicious links that install malware, potentially accessing your personal information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices.
2) Be careful with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of spam emails or messages that invite you to download or install updates, especially if they contain links. Phishing attempts are often disguised as legitimate update notifications or emergency messages.
3) Update your software regularly: Make sure macOS and all installed apps are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS and your apps to stay protected without having to manually check for updates. If you need more help, check out my guide to updating all your devices.
4) Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords on different sites or services. A password manager can be incredibly helpful here; it generates and stores complex passwords for you, making them difficult for hackers to crack.
It also keeps track of all your passwords in one place and automatically fills them in when you sign into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to remember, you are less likely to reuse them, which reduces the risk of a security breach. Learn more about my best expert-reviewed password managers of 2025 here.
5) Use two-factor authentication (2FA): Enable 2FA for your important accounts, including Apple ID, email and all financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password.
Kurt’s key takeaway
No device is immune to cyberattacks when a human operator is involved. Take BanShee Stealer for example. It was able to target Macs not because of Apple’s lax cybersecurity measures, but because it successfully tricked users into installing it and granting the necessary permissions. Most breaches, hacks and other cyberattacks result from human error. This highlights the importance of maintaining basic cybersecurity hygiene. The key is to know what you’re downloading, make sure it comes from a trusted source, and carefully review the permissions you give to any online service or application.
When you download new software, how do you determine if it’s safe to install? Are you relying on ratings, app store reviews, or something else? Let us know by writing to us at Cyberguy.com/Contact.
Copyright 2024 CyberGuy.com. All rights reserved.