A new variant of the macOS Banshee Stealer has emerged, targeting 100 million Apple users with its ability to steal browser credentials, cryptocurrency wallets, and other sensitive data. The malware, which can be purchased for $3,000, uses an encryption algorithm stolen from Apple’s XProtect antivirus engine to evade detection.
Security experts warn that organizations using macOS devices are at significant risk due to the malware’s improved ability to evade antivirus detection. Eric Schwake, director of cybersecurity strategy at Salt Security, emphasizes the need for a proactive stance on macOS security, recommending implementing endpoint security solutions, enforcing strict password policies, and educating staff about phishing and malware risks.
Jamf Threat Labs director Jaron Bradley notes that credential stealer campaigns have proven highly successful, even on the macOS platform, primarily driven by social engineering tactics. Meanwhile, Menlo Security cybersecurity expert Ms. Ngoc Bui highlights a critical gap in Mac security, stressing the need for a multi-layered approach to security.
As Apple continues to strengthen its security measures, users are advised to take proactive measures to safeguard their data, such as regularly updating software and being cautious of convincing pop-ups designed to trick them into entering their macOS passwords.
Source: https://www.forbes.com/sites/daveywinder/2025/01/11/100-million-apple-users-warned-about-new-credential-stealing-hack-attack