100 million Apple users face potential data theft due to Mac malware.
Protect your data from hackers by following these tips.
Macs are generally considered more secure than Windows PCs, but they are not immune to hackers. Recent incidents have shown that Macs are not impenetrable, and a new one has been added to the list. Security researchers have discovered a new variant of stealer malware that targets browser credentials, cryptocurrency wallets, and other personal data. I reported on this malware in 2024, and previously, it relied on macOS browser extensions to steal data. Now, it uses phishing websites and fake GitHub repositories to target Macs, which have a user base of 100 million people.
The evolution of info-stealer Mac malware
A new variant of info-stealer malware, BanShee, has been discovered by cybersecurity company Check Point. Elastic Security Labs first highlighted this malware in mid-2024, noting that it operates as malware-as-a-service, a business model in which cybercriminals provide access to malicious software and related infrastructure for a fee. At that time, it was available for as much as $3,000 per month.
The BanShee malware evolved in September after being exposed, and its developers stole a string encryption algorithm from Apple's XProtect antivirus engine. This allowed the malware to remain undetected by antivirus programs, as they expect to see this kind of encryption from Apple's legitimate security tools. As a result, BanShee was able to quietly steal data from targeted devices.
How the Mac malware operates
BanShee Stealer is a prime example of how advanced malware has become. It steals sensitive information from browsers like Chrome, Brave, Edge, and Vivaldi, as well as cryptocurrency wallet extensions. It even takes advantage of two-factor authentication (2FA) extensions to grab credentials. Additionally, it collects details about the device's software and hardware, as well as the external IP address.
The Mac malware uses fake system prompts to trick users into giving away their macOS passwords. After collecting the stolen information, BanShee sends it to command-and-control servers in encrypted and encoded files, which conceals the stolen data while it is being sent.
The malware's creators used GitHub repositories to spread BanShee and Lumma Stealer. They set up fake repositories that looked like they hosted popular software to seem trustworthy. Over three waves, the attackers used these fake repositories to trick people into downloading their malicious files.
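Because this variant's borrowed string encryption got it past signature-based scanners, a behavioural rule is the more durable check. The added example below (not from the article or from Check Point; the JSON event format, sample paths and thresholds are assumptions constructed here) flags any non-browser process that opens the login, cookie or extension stores of two or more of the browsers named above within a short window.

```python
import json

# Profile roots under ~/Library/Application Support for the four browsers named above.
ROOTS = {"Chrome": "Google/Chrome/", "Brave": "BraveSoftware/Brave-Browser/",
         "Edge": "Microsoft Edge/", "Vivaldi": "Vivaldi/"}
# Path components that hold saved logins, cookies and extension (wallet, 2FA) data.
SENSITIVE = {"Login Data", "Cookies", "Web Data", "Local Extension Settings"}
# Legitimate readers. Path matching is a simplification; a real rule checks code signatures.
BROWSER_APPS = ("Google Chrome.app", "Brave Browser.app", "Microsoft Edge.app", "Vivaldi.app")

def browser_for(path):
    """Return the browser whose credential store `path` belongs to, else None."""
    _, found, rest = path.partition("/Library/Application Support/")
    if not found or not SENSITIVE.intersection(rest.split("/")):
        return None
    return next((name for name, root in ROOTS.items() if rest.startswith(root)), None)

def detect(lines, window=60, min_browsers=2):
    """Alert once per process that reads >= min_browsers browsers' stores within `window` s."""
    last_seen, alerted, alerts = {}, set(), []
    for line in lines:
        ev = json.loads(line)
        browser = browser_for(ev["path"])
        if browser is None or any(app in ev["exe"] for app in BROWSER_APPS):
            continue  # not a credential store, or the browser reading its own files
        proc = (ev["pid"], ev["exe"])
        hits = last_seen.setdefault(proc, {})
        hits[browser] = ev["ts"]
        recent = sorted(b for b, ts in hits.items() if ev["ts"] - ts <= window)
        if len(recent) >= min_browsers and proc not in alerted:
            alerted.add(proc)
            alerts.append({"pid": ev["pid"], "exe": ev["exe"], "browsers": recent})
    return alerts

# Constructed file-open events (not real telemetry); field names are assumptions.
HOME = "/Users/alice/Library/Application Support/"
SETUP = "/Users/alice/Downloads/Setup.app/Contents/MacOS/Setup"
SAMPLE = [json.dumps({"ts": t, "pid": p, "exe": e, "path": HOME + f}) for t, p, e, f in [
    (90, 310, "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", "Google/Chrome/Default/Login Data"),
    (100, 4242, SETUP, "Google/Chrome/Default/Login Data"),
    (105, 4242, SETUP, "BraveSoftware/Brave-Browser/Default/Local Extension Settings/abc/000003.log"),
    (110, 4242, SETUP, "Vivaldi/Default/Cookies"),
    (200, 77, "/usr/local/bin/backup", "Microsoft Edge/Default/Cookies"),
    (900, 77, "/usr/local/bin/backup", "Vivaldi/Default/Cookies"),
]]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Backup and sync tools can legitimately touch several profiles, so tune the window and allow-list known tools before alerting on this rule.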
5 tips to protect yourself from Mac malware
To protect your Mac from the latest malware threats, including BanShee Stealer, follow these essential tips.
Install strong antivirus software: To safeguard yourself from malicious links, malware, phishing emails, and ransomware scams, have antivirus software installed on all your devices.
Be cautious when downloading software: Stick to reputable sources like the Mac App Store or trusted developer websites. Avoid clicking on unsolicited emails or messages that urge you to download or install updates, especially if they contain links. Be cautious of phishing attempts that may appear as legitimate update notifications or urgent messages.
Keep your software updated: To stay protected from vulnerabilities, make sure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates. To simplify the process, enable automatic updates for macOS and your apps.
Use strong and unique passwords: To safeguard your Mac from malware, use strong and unique passwords for all your accounts and devices, and avoid reusing passwords across multiple websites or services. A password manager can generate and store complex passwords for you, making them far harder for hackers to guess. It securely stores all your passwords in one place and automatically fills them in when you log in to accounts, reducing the need to remember them and lowering the risk of security breaches.
Enable two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, email, and any financial services. This adds an additional layer of security to the login process, making it more difficult for attackers to gain access even if they have your password.
Kurt’s key takeaway
Cyberattacks can target any device when a human operator is involved. For instance, the BanShee Stealer targeted Macs not because of weak cybersecurity measures by Apple, but because it successfully deceived users into installing it and granting the necessary permissions. Most cyberattacks result from human error, which underscores the importance of maintaining basic cybersecurity hygiene. It is crucial to be cautious when downloading software, verify the source, and carefully review the permissions granted to any online service or application.
How do you decide if it's safe to install new software when downloading it? Do you trust app store ratings, reviews, or something else? Share your thoughts with us at Cyberguy.com/Contact.
Copyright 2024 CyberGuy.com. All rights reserved.