
Apple Security Expert Slams Banshee Malware Hype, Reassures Crypto Community

Updated by Harsh Notariya

In Brief

  • Apple security expert Patrick Wardle criticized media claims, calling Banshee an "average" macOS malware.
  • Wardle said built-in defenses like TCC and updated macOS 15 protections limit Banshee's effectiveness.
  • The malware spreads via fake sites and apps but requires user interaction, reducing its real-world impact.

Amid reports of the Banshee malware threatening macOS users, Apple security researcher Patrick Wardle has argued that the situation may have been exaggerated.

Check Point Research (CPR) recently tracked a new version of the Banshee macOS Stealer, a malware that targets sensitive data such as browser credentials, cryptocurrency wallets, and user passwords.

Banshee Malware: What the Media Missed

Wardle, who is also the CEO of endpoint security startup DoubleYou, took to Twitter to explain that the hype around Banshee was exaggerated. He dismissed it as an “average” macOS stealer at best.

The analyst further pointed out that the updated version of Banshee posed far less of a threat than it was made out to be.

Wardle emphasized that the new Banshee variant is “ad-hoc signed.” This means the malware won’t run without user interaction. On macOS 15, the malware faces further hindrance because the “right-click, open” method used to bypass security no longer works.

Additionally, macOS has multiple built-in security mechanisms, like TCC (Transparency, Consent, and Control). These limit the malware’s potential impact, making it less dangerous than the media had portrayed.

Media outlets like Forbes and the New York Post created panic with their reports. They reported that over 100 million Apple users were at risk from the malware. The news was especially concerning to the crypto community, as attacks on crypto wallets could lead to big losses.

“This needs some more context as the media is running wild with this, blowing it 1000% out of proportion. The original post from cp research does a good job largely sticking to technical details,” Wardle said.

According to Check Point, the malware went undetected for over two months due to its use of string encryption. This enabled it to bypass antivirus detection. The malware spread via phishing websites and fake GitHub repositories, often impersonating popular software like Chrome, Telegram, and TradingView.

Banshee’s ability to evade detection by employing encryption taken from Apple’s XProtect was a clever tactic. However, Wardle’s insights suggest that while the malware is a concern, it doesn’t present the catastrophic risk that some feared. 



Ann Maria Shibu
Ann Maria Shibu is a journalist at BeInCrypto, where she reports on a diverse array of topics, including meme coins, altcoins, regulatory developments, and investment trends. Prior to joining BeInCrypto, Ann Maria spent over four years as a breaking news correspondent at Reuters, focusing on the UK and US stock markets. She has also held the role of News Editor at AMBCrypto for two years, honing her expertise in cryptocurrency and financial news.