A new report from security firm Check Point Research details Banshee Stealer, the Mac malware that attackers use to access web browser data, such as login credentials and browsing history, as well as crypto wallets. It sounds scary, but there’s not much to worry about.
Banshee Stealer is a new version of the malware that was discovered in July 2024. The malware has been updated with encryption “taken from Apple’s XProtect,” according to Check Point Research. XProtect is used by macOS as a layer of defense against malware, but Banshee Stealer’s new encryption allowed it to sneak past XProtect.
Check Point Software reports that the browsers vulnerable to the malware are Google Chrome, Brave, Microsoft Edge, Opera, Vivaldi and Yandex, all of which are based on Chromium, the web engine that renders websites in the browser. Safari, which is not on the list, is based on Apple’s WebKit engine.
Banshee Stealer is mainly distributed through GitHub repositories of cracked software. It disguises itself as other software that users try to download, and it also has a Windows counterpart called Lumina Stealer. Once installed on your system, it uses tricks to steal login data, including fraudulent browser extensions and pop-ups designed to look like legitimate macOS dialog boxes to trick users into entering their system passwords.
However, mainstream media has picked up on Banshee Stealer, and security researcher Patrick Wardle points out on X that the threat is being blown “1000% out of proportion.” Not only is the malware only found on websites that mostly sell illegitimate software, but the user also has to actively bypass macOS’s Gatekeeper precautions to perform an installation.
How to protect yourself from malware
The easiest way to protect yourself from malware is to avoid downloading software from repositories like GitHub and other download sites. Software in the Mac App Store has been vetted by Apple and is the safest way to get apps. If you prefer not to patronize the Mac App Store, purchase software directly from the developer and their website. If you insist on using cracked software, you will always run the risk of being exposed to malware.
Apple releases security fixes through OS updates, so it’s important to install them as soon as possible. And as always, when downloading software, get it from trusted sources, such as the App Store (which does security checks on its software) or directly from the developer. Macworld has several guides to help, including a guide to whether or not you need antivirus software, a list of Mac viruses, malware and trojans, and a comparison of Mac security software.