
Apple's macOS users have long taken pride in their operating system, with its sleek design and polished user experience inspiring a devoted following.
When it comes to security, users know that the operating system benefits from a smaller market share, which makes it a less attractive target for cybercriminals. Its Unix-based architecture also provides strong foundational security, and it has fewer known malware threats than Microsoft Windows.
But that doesn't mean it's flawless.
At this time, an estimated 100 million Apple users are at risk of falling victim to malware called the 'Banshee macOS Stealer.'
Cybersecurity software company Check Point Research has issued a warning to the millions of Mac users who may be targeted by malicious actors using this antivirus-evading wailing spirit.
Banshee Stealer takes inspiration from macOS XProtect, mimicking its string encryption techniques for stealth. The recent source code leak has been beneficial, enabling improved detection by macOS antivirus engines. #MacOS #Banshee #Stealer #Malware https://t.co/3COr5pviJ6
— Check Point Research (@_CPResearch_) January 9, 2025
A banshee is a spectral figure from Irish folklore, widely regarded as a harbinger of death.
These ethereal beings are often depicted as ghostly women who take one of two forms: a young, beautiful maiden with flowing robes and long, untamed hair, or an aged, haggard crone with a haunting aura. Their attire and hair are commonly described as white or grey, enhancing their otherworldly appearance.
But what truly sets them apart is their mournful, piercing wail—a sorrowful lament said to foretell an impending death.
While the banshee’s presence is undeniably terrifying, they are not violent in nature.
Rather than causing death, they serve as messengers of fate, warning families of a loved one’s passing.
And unlike other legends, banshees are uniquely tied to specific Irish families, often those with surnames like "Mac."
In modern times, this haunting legend finds a curious parallel in the form of the Banshee malware—a digital specter crafted to target Mac users.
Much like the folklore banshee, this malware’s presence signals impending misfortune, though in this case, it manifests as compromised security and data breaches.
In this case, the Banshee malware is designed to steal credentials from browsers — Google Chrome, Brave, Microsoft Edge, Vivaldi, Yandex, and Opera — and browser extensions associated with cryptocurrency wallets — Ledger, Atomic, Wasabi, Guarda, Coinomi, Electrum, and Exodus.
The malware can also steal additional information about victims' systems, including software and hardware specifications, and the password needed to unlock them.

Just as people in the lore dread encountering the banshee’s mournful cry, modern users fear the arrival of this insidious digital threat, whose mere presence can spell disaster for their systems.
In a blog post, researchers at Check Point Research said they identified a new, undetected version of Banshee Stealer targeting macOS back in September 2024.
They have now found that the malware has been updated with string encryption, whereas previous versions contained all of their strings in plain text. The string encryption allows it to bypass XProtect, the antivirus engine built into Apple's macOS.
The threat actors behind this malware have distributed the updated version of Banshee mainly via phishing websites and malicious GitHub repositories.
As a result of this, the Banshee malware is able to evade detection on Mac computers, and also by most other antivirus engines.
Only after its original source code was leaked on a popular hacking forum were developers of antivirus engines able to understand its core functionality.
Once the source code was leaked, the Banshee stealer-as-a-service operation was shut down to the general public. However, the researchers at Check Point Research said that campaigns distributing the malware continue through phishing websites that masquerade as legitimate software.