Beyond the wail: deconstructing the BANSHEE infostealer
Aug. 16, 2024, 2:50 p.m.
Description
This analysis details the BANSHEE malware, a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets. Developed by Russian threat actors, it operates across macOS x86_64 and ARM64 architectures. The malware is designed to evade detection through anti-debugging measures and checks for virtualization and language settings. It collects user passwords, system information, browser data from various browsers, and data from around 100 browser extensions. Additionally, it targets cryptocurrency wallets like Exodus, Electrum, and Ledger. The collected data is compressed, encrypted, and exfiltrated to a remote server.
Date
Published: Aug. 16, 2024, 2:10 p.m.
Created: Aug. 16, 2024, 2:10 p.m.
Modified: Aug. 16, 2024, 2:50 p.m.
Indicators
11aa6eeca2547fcf807129787bec0d576de1a29b56945c5a8fb16ed8bf68f782
45.142.122.92
Attack Patterns
BANSHEE Stealer
Russian threat actors
T1558.002
T1555.002
T1139
T1548.001
T1497
T1087
T1555
T1518.001
T1518
T1083
T1592
T1560