Important Alert for 100 Million Apple Users, New Hacking Incident Verified

This story includes additional insights from Check Point research on changes to the Apple macOS Banshee Stealer malware, along with perspectives from cybersecurity professionals on this category of threat.
While Windows users have historically been more likely to be targeted by cybercriminals, most Apple security stories involve the iPhone in some way. Recent research indicates that 100 million macOS users are now under threat as cybercriminals seek to exploit the operating system’s growing popularity. Here’s what you should know about this recently identified variant of the Banshee Stealer threat.
I transitioned to macOS not long ago, having purchased a MacBook Pro a couple of years back, largely due to the security features offered by the Apple ecosystem. I’m aware that this does not mean macOS users are invulnerable to attacks; that is simply untrue. The existence of the Banshee Stealer serves as sufficient evidence for those who doubt that stealer-as-a-service threats affect Apple users just as they do others.

According to Check Point researchers, “for $3,000, threat actors could acquire this malware aimed at macOS users,” with the criminal developers having “appropriated a string encryption algorithm from Apple’s own XProtect antivirus engine, which substituted the plain text strings utilized in the original version.” This likely facilitated the Banshee Stealer’s ability to evade detection. Nevertheless, when the malware’s source code was released on the dark web at the end of 2024, the service was discontinued. Check Point previously warned that this would result in new variants being created by other malicious actors, and their prediction has now come to pass.
The Check Point analysis of the newly advanced Banshee Stealer campaign cautioned that organizations “must acknowledge the wider dangers posed by contemporary malware,” including the risk of costly data breaches that expose sensitive information and damage reputations.
Security specialists are raising concerns about the resurgence of Banshee Stealer malware on macOS devices.
Eric Schwake, director of cybersecurity strategy at Salt Security, noted that “the prevailing assumption that Macs are inherently more secure” is challenged by this incident. He emphasized that “organizations must implement robust security protocols for all devices, regardless of their operating systems.” Schwake advised that embracing a proactive approach to macOS security is essential to “mitigate the risks posed by evolving threats like Banshee Stealer and protect vital data and resources.” This proactive approach includes deploying endpoint security solutions, enforcing strong password policies, educating employees on phishing and malware dangers, and applying regular updates to software for the latest security patches, he concluded.
“The emergence of Banshee Stealer highlights the increasing threats aimed at macOS systems,” stated James Scobey, chief information security officer at Keeper Security. He remarked that macOS has traditionally been perceived as safer than PCs, but this view is changing as “it is becoming an attractive target for malware attacks.” Security professionals consistently say that macOS can no longer be dismissed as an unviable target for attackers. Scobey pointed out, “As attackers refine their methods, including using encryption techniques inspired by built-in security measures, it’s clear that businesses cannot solely depend on outdated security assumptions about different platforms.” He added that advanced malware like Banshee Stealer can outsmart conventional defenses, exploiting stolen credentials and user mistakes.
In a comprehensive technical analysis of the Banshee Stealer threat, Antonis Terefos from Check Point explained that “a minor code update involving string encryption made by the Banshee developer” led to most antivirus solutions failing to identify this hazardous macOS information stealer for over two months. He commented, “This highlights the increasing trend of threat actors focusing on macOS users and the diversification of their malware and tools across various operating systems.”
Jaron Bradley, director of Jamf Threat Labs, cautioned that their threat intelligence has recorded a notable increase in credential-stealing campaigns gaining traction throughout 2023. “These initiatives have been remarkably effective, even on the macOS platform,” Bradley noted, adding that “the success of these stealers largely relies on social engineering strategies, where attackers persuade users to run the malware on their own.” The takeaway is both straightforward and timeless: irrespective of how strong the operating system’s security protocols may be, attackers can frequently circumvent them by offering users a persuasive reason to take action. “This also emphasizes that while Apple’s XProtect rules do a good job of identifying known malware,” Bradley stated, “they are continuously monitored by malware creators, enabling them to evolve and avoid detection in future versions using innovative tactics.”
Apple macOS users need to be attentive: failure to do so may lead to security issues.
While acknowledging that Apple provides strong security features for macOS users, like Gatekeeper, XProtect, and sandboxing, researchers at Check Point have cautioned that the resurgence of Banshee Stealer highlights that no operating system is completely safe from threats. macOS users who overlook this alert do so at their own risk. Indeed, “Banshee’s prevalence underscores the necessity for macOS users to stay alert,” stated Antonis Terefos of Check Point, noting that “it is essential for security measures to adapt and offer enhanced protection against more sophisticated attacks, as threat actors broaden their scope.”
This is because Banshee functions invisibly and integrates seamlessly with normal system operations, all the while stealing browser credentials, cryptocurrency wallets, user passwords, and private file information. “Even experienced IT professionals find it challenging to detect its presence,” the Check Point report cautioned. “Banshee Stealer is not merely a piece of malware; it serves as a significant alert for users to reevaluate their security assumptions and take proactive steps to protect their data.”
The latest variant of Banshee specifically targets web browsers such as Chrome, Brave, Edge, and Vivaldi, as well as browser extensions related to cryptocurrency wallets. “It also takes advantage of a Two-Factor Authentication extension to capture sensitive credentials,” the report added, mentioning that it “employs convincing pop-ups designed to mimic legitimate system notifications to deceive users into providing their macOS passwords.”
“This new variant of Banshee Stealer highlights a significant deficiency in Mac security,” stated Ngoc Bui, a cybersecurity expert at Menlo Security. “As more companies adopt Apple ecosystems, the security solutions have not progressed accordingly. A multi-layered security strategy is crucial, including training more specialists for Mac environments.”
Furthermore, privileged access management can no longer be seen as optional for business users; it has become a vital aspect of contemporary cybersecurity. The threat posed by Banshee only emphasizes this urgency. “By limiting access and ensuring that elevated permissions are granted solely when needed,” Scobey noted, “privileged access management notably decreases the attack surface for threats like Banshee.” When paired with endpoint protection and effective password management, it establishes a strong defense against such attacks. “The time has arrived for businesses to transition from reactive to proactive security measures,” Scobey said, concluding that “malware like Banshee prospers on lapses in vigilance and access controls. By focusing on advanced tools, user education, and layered defenses, organizations can remain a step ahead in the battle against evolving cyber threats.”