A new type of malware targeting Mac computers has security experts on high alert. The software, known as Banshee Stealer, can steal sensitive information from users without their knowledge.
Checkpoint, a cybersecurity company, has been tracking this threat since September and said in a Jan. 9 news release the malware is particularly dangerous because it went undetected for over two months.
“Even seasoned IT professionals struggle to identify its presence,” according to Checkpoint, adding that the malware’s ability to hide makes Banshee Stealer a serious concern for Mac users.
The malware works by tricking people into downloading it. Hackers create fake websites or GitHub pages that look like popular apps such as Chrome or Telegram. When users download the fake apps, they unknowingly install the malware.
Once on a computer, Banshee Stealer can steal passwords saved in web browsers, information about cryptocurrency wallets, and gain access to other personal information.
Checkpoint reports that the malware uses clever tactics to go undetected, including copying a security feature from Apple’s own protection system, which helped it slip past antivirus programs.
A recent update removed a feature that prevented the malware from targeting Russian-speaking users, resulting in the threat currently affecting Mac users worldwide.
“Previous malware versions terminated operations if they detected the Russian language, likely to avoid targeting specific regions. Removing this feature indicates an expansion in the malware’s potential targets,” Checkpoint said.
Experts say this malware shows how cybercriminals are increasingly targeting Mac computers, with over 100 million Mac users worldwide, making these computers attractive to hackers.
“No operating system is immune to threats,” Checkpoint warned, advising Mac users to be cautious about what they download and to keep their security software up to date.
The cybersecurity company said the original creators of Banshee Stealer have stopped selling it but other bad actors could gain access to its leaked source code.
“Since its source code was leaked in November 2024, Banshee Stealer-as-a-service operation has been officially shut down. However, [Check Point Research] has identified multiple campaigns still distributing the malware through phishing websites,” Checkpoint said. The company added that so far it’s unclear who is carrying out such campaigns.
It said both individuals and businesses should take the threat seriously.
“Businesses must recognize the broader risks posed by modern malware, including costly data breaches that compromise sensitive information and damage reputations, targeted attacks on cryptocurrency wallets that threaten digital assets, and operational disruptions caused by stealthy malware that evades detection and inflicts long-term harm before being identified,” Checkpoint wrote.