New Version of macOS Malware

[Biro]

January 9, 2025 alert from Check Point Research:

Cracking the Code: How Banshee Stealer Targets macOS Users - Check Point Blog

Executive Summary: Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals

blog.checkpoint.com

 

[russell_314]

With this and most malware it requires the user or someone with physical access to actually install it. From the link “Threat actors used GitHub repositories as a key distribution method for Banshee.”.


This is why I try to be careful what I download and install. Is it from a reputable company or is it some individual developer on GitHub? Nothing wrong with individual developers but you better be sure that person is trustworthy. Big companies have lots to lose but on the Internet, individuals can be fairly anonymous.

Always ask… Do you need it? Is the developer trustworthy? Are you downloading it from a trusted source? If you’re not sure about any of those questions then don’t do it.

It’s nice to see people pointing out that macOS is not invincible to malware. No BS anti malware software is going to protect you.

 

[bogdanw]

I'm not sure why this method is being used, but one way of delivery redirects the user to a page called "Safe Download Storage" with the instructions to "Click to "Copy" on link and paste it to address bar"
At the moment, only Kaspersky, Sophos, Ikarus & Google recognize the DMG file downloaded as part of the Amos infostealer malware family.
https://www.virustotal.com/gui/file/d90623df1f31f2138ab8c1a4130f6d31647b8f0d44f08a74ffc3f2e252e87b5c