New Mac malware can bypass Apple’s XProtect security scanner
Tuesday, January 14, 2025, 06:24 PM, from Macworld UK
A new report by security firm Check Point Research provides details on Banshee Stealer, Mac malware that attackers use to gain access to web browser data, such as login information and browser history, as well as crypto wallets. It sounds scary, but there isn’t too much to worry about.

Banshee Stealer is a new version of the malware that was discovered in July 2024. The malware has been updated with encryption “taken from Apple’s XProtect,” according to Check Point Research. XProtect is used by macOS as a layer of defense against malware, but Banshee Stealer’s new encryption allowed it to sneak by XProtect.

Check Point Software reports that the browsers vulnerable to the malware are Google Chrome, Brave, Microsoft Edge, Opera, Vivaldi, and Yandex, browsers that are based on the Chromium web engine that renders the websites within a browser. Safari, which is not on the list, is based on Apple’s WebKit engine.

Banshee Stealer is mainly distributed through GitHub repositories of cracked software. It masquerades as other software that users are trying to download and also has a Windows counterpart called Lumina Stealer. Once installed on your system, it uses tricks to steal login data, including fraudulent browser extensions and pop-ups designed to look like legitimate macOS dialog boxes to get users to enter their system passwords.

However, mainstream media outlets have picked up on Banshee Stealer, and security researcher Patrick Wardle points out on X that the threat is being blown “1000% out of proportion.” Not only is the malware found only on sites that peddle mostly illegitimate software, but the user also has to actively bypass macOS’s Gatekeeper precautions to perform an installation.

How to protect yourself from malware

The easiest way to protect yourself from malware is to avoid downloading software from repositories such as GitHub and other download sites.

Software in the Mac App Store has been vetted by Apple and is the safest way to get apps. If you prefer not to patronize the Mac App Store, then buy software directly from the developer and their website. If you insist on using cracked software, then you will always run the risk of malware exposure.

Apple releases security patches through OS updates, so installing them as soon as possible is important. And as always, when downloading software, get it from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer.

Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
https://www.macworld.com/article/2576700/new-mac-malware-can-bypass-apples-xprotect-security-scanner...