Beyond the wail: deconstructing the BANSHEE infostealer

1(520) 261-1728

Beyond the wail: deconstructing the BANSHEE infostealer

This analysis details the BANSHEE malware, a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets. Developed by Russian threat actors, it operates across macOS x86_64 and ARM64 architectures. The malware is designed to evade detection through anti-debugging measures and checks for virtualization and language settings. It collects user passwords, system information, browser data from various browsers, and data from around 100 browser extensions. Additionally, it targets cryptocurrency wallets like Exodus, Electrum, and Ledger. The collected data is compressed, encrypted, and exfiltrated to a remote server. Author: AlienVault

Related Tags:
C++

BANSHEE Stealer

T1558.002

T1555.002

T1139

T1548.001

T1518.001

macos

T1555

Associated Indicators:
45.142.122.92

Threat Intel Solutions

Beyond the wail: deconstructing the BANSHEE infostealer

Search

Popular Posts

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

MintsLoader: StealC and BOINC Delivery

Categories

Archives

Tags

Follow Us