Apple Macs are considered relatively safer than Windows. This is true, as the past few months have seen a number of malware and vulnerabilities affecting Windows laptops. However, the theft malware has once again demonstrated that Macs are not completely resistant to cyber attacks.
The malware, called Banshee, targets extensions installed on Macs to gain access to passwords, cryptocurrency and personal data, affecting a wide range of browsers, including Chrome and Safari.
For security alerts and expert tips, sign up for KURT’s newsletter, The Cyberguy Report, here.
Woman working on a Mac laptop (Kurt “Cyberguy” Knutson)
What you need to know
The researchers Elastic Security Lab Banshee, a malware developed by Russian hackers, has been found to work on macOS x86_64 and ARM64 systems. The malware is being sold as a service to other bad actors for just $3,000. Researchers believe that’s pretty cheap compared to other malware available to criminals on the dark web. Yes, believe it or not, there’s a big market for this malware.
Apple has a strict infrastructure in place to prevent bad actors from targeting your devices, but hackers always find loopholes — in this case, those loopholes are browser extensions you install, whether that’s an ad blocker or an Amazon price tracker.
Browsers and extensions covered
“Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and approximately 100 browser extensions, making it a highly versatile and dangerous threat,” Elastic Security Labs said. The malware targets multiple web browsers and cryptocurrency wallets, including Safari, Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, OperaGX, Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger.
Data theft capability
Once the malware has infiltrated your Mac, it starts stealing data. It can steal system information and passwords from the Keychain. It also gets data from various file formats stored on the Desktop and in Documents. It also has tricks to avoid detection, such as determining if it’s in a virtual environment and using an API to avoid Macs where Russian is the primary language.
Illustration of a hacker working on a laptop (Kurt “Cyberguy” Knutson)
Massive health savings account data breach puts 4.3 million Americans at risk
How does malware infect computers?
The Elastic Security Labs report didn’t go into detail about how the Banshee malware actually infects computers, but it’s likely using the same techniques that have been used by previous Mac and Windows malware.
This usually involves clever methods such as displaying fake popups that mimic legitimate apps or services. Hackers often create a sense of urgency to get you to click on a link to “install an update” or “fix a problem” right away. Of course, instead of an update, the link installs malware on your system.
It’s unclear how widespread the malware is, what regions it’s targeting, or how much damage it has caused so far. Apple did not respond to a request for comment for this story by deadline.
Woman working on a laptop (Kurt “Cyberguy” Knutson)
Serious security flaw puts Mac’s most popular browser at risk
4 ways to protect yourself from Mac malware
While there is no exact solution to prevent Banshee malware, the following computer precautions can help keep your Mac safe:
1) Restricting and Managing Browser Extensions: Be selective about the browser extensions you install. Add only extensions from well-known developers and those you really need. Regularly check and manage extensions to see if they are compromised or no longer needed. Extensions with excessive permissions or requesting access to sensitive data should be removed. Check out these browser extensions that will make your life easier.
2) Be careful with downloads and links: Download software only from trusted sources, such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages offering to download or install updates, especially if they contain links. Phishing scams often pose as legitimate update notifications or urgent messages.
The best way to protect yourself from clicking on malicious links that install malware is to install strong antivirus protection on all your devices. We’ve handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
3) Keep your software up to date: Make sure your macOS and all installed applications are up to date. Apple frequently releases security patches and updates to address vulnerabilities. Enabling automatic updates for macOS and your apps helps you stay protected without having to manually check for updates. If you need further help, contact me. A guide to keeping all your devices up to date.
4) Use a strong and unique password: To protect your Mac from malware, it’s also important to use strong, unique passwords for all your accounts and devices, and avoid reusing passwords across different sites and services. Password Manager This is where it really comes in handy: it generates and stores complex passwords, making them difficult for hackers to crack.
It also records all your passwords in one place and automatically fills them in when you log into your accounts, so you don’t have to remember them yourself. By reducing the number of passwords you have to remember, you’re less likely to reuse them, reducing the risk of a security breach. Learn more about me Here are the best password managers according to experts in 2024.
How to remove your personal information from the internet
Important points about the cart
Whether you have a MacBook or an iMac, Macs are generally pretty secure, but not completely safe. One weak spot is always the extensions, and that’s where the Banshee malware sneaks in. The Banshee malware exploits these vulnerabilities to steal your important data and money. There are no specific steps to combat this threat, but maintaining good computing habits can help a lot: only download from trusted sources, be wary of unexpected email attachments, and think carefully before installing anything.
What steps do you take to ensure that downloads and extensions are from legitimate sources? Cyberguy.com/Contact Us.
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter.
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
Copyright 2024 CyberGuy.com. All Rights Reserved.
