A new Russian threat targets over 100 Apple macOS browser extensions

Apple Macs are considered comparatively safer than Windows. This remains true: in the past few months, we’ve noticed numerous malware strains and vulnerabilities affecting Windows laptops. However, a stealer malware has shown yet again that Macs aren’t completely immune to cyberattacks.

The malware, called Banshee, targets the extensions installed on your Mac in order to gain illegal access to your passwords, cryptocurrency, and personal data. It affects a wide range of browsers, including Chrome and Safari.


What you need to know

Researchers at Elastic Security Labs found that Banshee, a malware developed by Russian hackers, works on macOS x86_64 and ARM64 systems. The malware is being sold as a service to other bad actors for just $3,000, which the researchers think is pretty cheap compared to other malware available on the dark web to criminals. Yes, believe it or not, there’s a whole market for this stuff.

Apple has a tight infrastructure that prevents bad actors from targeting its devices, but hackers always find loopholes. In this case, it’s the browser extensions you install, whether it’s an ad blocker or an Amazon price tracker.

 

Targeted browsers and extensions

“Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat,” Elastic Security Labs said. The malware targets several web browsers and crypto wallets, including Safari, Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, OperaGX, Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger.

 

Data theft capabilities

Once the malware gets into your Mac, it starts stealing your data. It can grab information about the system and passwords from the Keychain. It also pulls data from different file types stored on your desktop and in your documents. Plus, it’s got tricks to avoid detection, like figuring out if it’s in a virtual environment and using an API to steer clear of Macs where Russian is the primary language.

 


How does the malware infect your computer?

The report from Elastic Security Labs didn’t go into detail about how the Banshee malware actually infects your computer. But it’s likely using the same tactics we’ve seen other Mac and Windows malware use before.

This usually involves sneaky methods like displaying fake pop-ups that mimic legitimate apps or services. Hackers often create a sense of urgency, pushing you to click on a link to “install an update” or “fix an issue” right away. Of course, instead of an update, that link installs the malware on your system.

It’s also unclear how widespread this malware is, which regions it’s targeting, or the extent of the damage it’s caused so far.

It’s important to note that the Banshee malware is specifically designed to target desktops and laptops running macOS, where it exploits browser extensions. iPads, iPhones, and other mobile devices are not in its scope; it focuses solely on macOS devices and the browsers installed on them.

We reached out for a comment from RecordsCheck, but did not hear back before our deadline.

 


4 ways to protect yourself from the Mac malware

While there’s no exact solution to prevent the Banshee malware, the following computer practices can help keep your Mac secure.

1) Limit and manage browser extensions: Be selective about the browser extensions you install. Only add extensions you truly need, and only from well-known developers. Regularly review your extensions to confirm they haven’t been compromised and are still necessary. Remove extensions that have excessive permissions or that request access to sensitive data.

2) Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.

The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices.


3) Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS and your apps to stay protected without having to manually check for updates.

4) Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here—it generates and stores complex passwords for you, making them difficult for hackers to crack.

It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches.
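For the extension review in step 1, the following script is an added example (not from Elastic Security Labs or the original article) that lists the extensions installed in Chromium-based browsers on a Mac and flags the ones with broad permissions. The profile paths are the default macOS locations, the list of "broad" permissions is an assumed review heuristic, and the sample extensions in `build_sample` are constructed; Safari and Firefox store extensions differently and are not covered.

```python
import json
from pathlib import Path

# Default Chromium-family data directories on macOS, relative to the home folder.
PROFILE_ROOTS = ["Library/Application Support/Google/Chrome",
                 "Library/Application Support/BraveSoftware/Brave-Browser",
                 "Library/Application Support/Microsoft Edge"]
# Assumed heuristic: permissions that give an extension wide reach over your browsing.
BROAD = {"<all_urls>", "cookies", "history", "webRequest", "clipboardRead",
         "nativeMessaging", "debugger", "tabs"}
KEYS = ("permissions", "optional_permissions", "host_permissions")

def is_broad(perm):
    # Host patterns such as *://*/* or https://*/* match every website.
    return perm in BROAD or "://*/" in perm

def audit_extensions(browser_root):
    """Return [(profile, extension_id, name, broad_permissions)] for one browser."""
    findings = []
    for manifest in sorted(Path(browser_root).glob("*/Extensions/*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep auditing
        if not isinstance(data, dict):
            continue
        perms = [p for key in KEYS for p in data.get(key, [])]
        perms += [m for cs in data.get("content_scripts", []) for m in cs.get("matches", [])]
        flagged = sorted({p for p in perms if isinstance(p, str) and is_broad(p)})
        profile, ext_id = manifest.parts[-5], manifest.parts[-3]
        findings.append((profile, ext_id, data.get("name", "?"), flagged))
    return findings

def build_sample(root):
    # Constructed sample profile for trying the audit offline; IDs and names are made up.
    samples = {
        "a" * 32: {"name": "Price Tracker", "manifest_version": 3,
                   "permissions": ["storage", "cookies"], "host_permissions": ["*://*/*"]},
        "b" * 32: {"name": "Dark Theme", "manifest_version": 3, "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        d = Path(root, "Default", "Extensions", ext_id, "1.0_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest))

if __name__ == "__main__":
    for rel in PROFILE_ROOTS:
        for row in audit_extensions(Path.home() / rel):
            print(rel, *row, sep=" | ")
```

Some extensions show a name like `__MSG_appName__` because the readable name is stored in the extension's locale files; match the ID against the browser's extensions page to identify it.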

 


Kurt’s key takeaway

Macs, whether you’re using a MacBook or an iMac, are generally pretty secure, but they’re not completely foolproof. One weak spot has always been extensions, and that’s where the Banshee malware comes in. It exploits these vulnerabilities to swipe your important data and money. There aren’t any specific steps to deal with this exact threat, but sticking to good computing habits can help a lot. Make sure your downloads are from trusted sources, be cautious with unexpected email attachments, and think carefully before installing anything.

What steps do you take to verify that downloads and extensions are from legitimate sources? Let us know in the comments below.
