Apple’s Macs are generally more secure than Windows PCs, but they’re not immune to hackers. Many incidents show that Macs cannot be hacked, and a new case has recently been added to the list. Security researchers have discovered a new Stealer malware variant that targets browser credentials, cryptocurrency wallets and other personal data. I This malware was reported in 2024 as well. Previously, it relied on MacOS browser extensions to steal data. Now, it’s using phishing websites and fake GitHub repositories to target Macs, which have a user base of 100 million people.
I’m giving away the latest and greatest Airpods Pro 2
Enter the giveaway through my subscription Free newsletter.
A person working on an Apple laptop (Kurt “Cyberguy” Knutsson)
MAC malware develops to steal information
Cybersecurity company Check point Discovered a new variant of information-stealing malware, Banshee. Resilience Labs first highlighted this malware in mid-2014, noting that it operates as a malware-as-a-service, a business model in which cybercriminals provide access to malware and related infrastructure for a fee. At the time, it was available for $3,000 per month.
Check Point says this malware evolved in September after it was exposed. This time, its developers “stole” the string encryption algorithm from Apple’s Xprotect anti-virus engine, which replaced the plain text strings used in the original version. Because antivirus software expects to see this type of encryption from legitimate Apple security tools, they are not flagged as suspicious, allowing Banshee to remain undetected and quietly steal data from targeted devices.
Woman working on apple desktop and apple laptop (Kurt “Cyberguy” Knutsson)
4.3 million Americans were exposed in a massive health savings account data breach
How Mac malware works
Banshee Stealer is a prime example of how advanced malware can become. Once it’s on a system, it goes straight to work stealing all kinds of sensitive information. It tracks data from browsers like Chrome, Brave, Edge, and Vivaldi, as well as cryptocurrency wallet extensions. So he takes advantage of Two-factor authentication (2FA) Extensions to grab credentials. Furthermore, it collects details about the device’s software and hardware, as well as the external IP address.
MAC Malware also tricks users with fake pop-ups that look like real system prompts, tricking victims into entering their MacOS passwords. Once the stolen information is collected, Banshee executes command and control servers, using encrypted files and encryption to ensure the data remains secure.
The malware creators used GitHub repositories to spread Banshee. They set up fake repositories that looked like they hosted popular shows, complete with stars and reviews, to appear trustworthy. These campaigns did not target MacOS users with Banshee. They also hit Windows users with different The malware is called Lumma Stealer. Over three waves, attackers have used these fake repositories to trick people into downloading their malicious files.
Woman working on her laptop (Kurt “Cyberguy” Knutsson)
The massive security flaw exposes the most popular browsers on Mac
5 Tips to Protect Yourself from Mac Malware
Follow these essential tips to protect your Mac from the latest malware threats, including the infamous Banshee hijacker.
1) You have a powerful antivirus program: The best way to protect yourself from malicious links that install malware, which may access your private information, is to install antivirus software on all your devices. This protection can also alert you to mitigate ransomware emails and scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices.
2) Be careful with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages offering you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.
3) Keep your software up to date: Make sure that both MacOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for MacOS and your apps to stay protected without having to manually check for updates. If you need more help, see my A guide to keeping all your devices updated.
4) Use strong and unique passwords: To protect your Mac from malware, it’s crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A Password manager It can be incredibly useful here; It generates and stores complex passwords for you, making them difficult for hackers.
It also keeps track of all your passwords in one place and auto-fills them when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to remember, you are less likely to reuse them, reducing the risk of security breaches. Get more details about my country The best expert-reviewed password managers in 2025 are here.
5) Use two-factor authentication (2FA): maybe 2FA For your important accounts, including your Apple ID, email, and any financial services. This adds an extra step to the login process, making it difficult for attackers to gain access even if they have your password.
How to remove your private data from the Internet
Kurt Kisa Kurt
No device is immune to cyber attacks when a human operator is involved. Take Banshee Stealer, for example. It was able to target MACs not because of weak cybersecurity measures by Apple, but because it successfully tricked users into installing it and granting the required permissions. Most breaches, hacks and other cyberattacks stem from human error. This highlights the importance of maintaining basic cybersecurity hygiene. It’s crucial to know what you’re downloading, make sure it’s from a trusted source and carefully review the permissions you grant to any online service or app.
When downloading new software, how do you determine if it is safe to install? Do you rely on app store ratings, reviews, or something else? Let us know by writing to us cyberguy.com/contact.
For more tech tips and security alerts, sign up for the free Cyberguy Report newsletter by heading over to cyberguy.com/newsledter.
Ask Kurt a question or tell us what stories you want us to cover.
Follow Kurt on his social channels:
Answers to cyberguy’s most frequently asked questions:
New from Kurt:
Copyright 2024 Cyberguy.com. All rights reserved.
