Removal instructions for the Banshee stealer-type malware
Written by Tomas Meskauskas
What kind of malware is Banshee?
Banshee is a stealer-type malware targeting Mac Operating Systems (OSes). This malicious program can extract and exfiltrate data relating to the system, browsers, and cryptocurrency wallets. Primarily, Banshee seeks log-in credentials and finance-related information.
Banshee malware overview
Following successful infiltration, Banshee begins its malicious operations by collecting relevant device data (e.g., device name, OS version, hardware details, etc.). From macOS itself, this stealer can obtain information from Notes, the system/user password, and log-in credentials stored in the Keychain (the native Mac password manager).
Additionally, Banshee can extract data from browsers, including Internet cookies, auto-fills (e.g., usernames), passwords, credit/debit card details, and cryptowallet extensions.
However, what information can be acquired depends on victims' browsers: all of the above can be extracted from Google Chrome, Microsoft Edge, Vivaldi, and Brave; all except passwords from Opera, OperaGX, and Yandex; auto-fills and passwords from Mozilla Firefox; and only cookies from Safari.
Furthermore, this malware targets cryptocurrency wallets. According to its promotional material, Banshee can acquire data associated with over a hundred cryptowallet browser extensions. The stealer also targets desktop wallets, such as Atomic, Binance, Coinomi, Electrum, and Exodus.
It is worth mentioning that malware developers often improve upon their software and methodologies. Therefore, potential future iterations of Banshee could have a more extensive target list or additional/different functionalities.
In summary, the presence of malicious software like Banshee on devices can lead to severe privacy issues, financial losses, and identity theft.
| Name | Banshee malware |
| --- | --- |
| Threat Type | Mac malware, Mac virus, stealer |
| Detection Names | Avast (Other:Malware-gen [Trj]), Combo Cleaner (Trojan.MAC.Generic.119795), Emsisoft (Trojan.MAC.Generic.119795 (B)), Kaspersky (HEUR:Trojan-PSW.OSX.Amos.w), Full List Of Detections (VirusTotal) |
| Symptoms | Trojans are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
| Distribution Methods | Infected email attachments, malicious online advertisements, social engineering, software 'cracks'. |
| Damage | Stolen passwords and banking information, identity theft, the victim's computer added to a botnet. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Mac-specific stealer examples
We have investigated countless malware samples; ROD, Poseidon, PureLand, and GoSorry are merely a few of our articles on Mac-targeting stealers. Data-stealing software can seek only specific details or a broad range of data. What is more, such capabilities are common to various types of malware and are not exclusive to stealers.
However, regardless of how malicious software operates, its presence on a system threatens device integrity and user safety. Hence, all threats must be removed immediately upon detection.
How did Banshee infiltrate my computer?
Banshee is promoted by its developers on hacker forums and Telegram. The price for the stealer differs by channel: on the forums it is $3000 per month, while on Telegram it is $1999 per month. Since Banshee can be bought, how it is proliferated depends on the cyber criminals using it at the time (i.e., distribution techniques may vary between attacks).
Generally, malware is spread using phishing and social engineering techniques. Malicious programs are typically disguised as or bundled with ordinary software/media files. They can be archives (ZIP, RAR, etc.), executables (.exe, .run, etc.), documents (Microsoft Office, Microsoft OneNote, PDF, etc.), JavaScript, and so on. The infection is triggered once a virulent file is executed, run, or otherwise opened.
Widespread malware distribution methods include: backdoor/loader-type trojans, drive-by (stealthy/deceptive) downloads, malicious attachments or links in spam mail (e.g., emails, PMs/DMs, SMSes, etc.), online scams, malvertising, dubious download sources (e.g., freeware and third-party websites, Peer-to-Peer sharing networks, etc.), pirated content, illegal software activation tools ("cracks"), and fake updates.
Furthermore, some malicious programs can self-proliferate via local networks and removable storage devices (e.g., external hard drives, USB flash drives, etc.).
How to avoid installation of malware?
We highly recommend vigilance when browsing since the Internet is rife with deceptive and malicious content. Another recommendation is to exercise caution with incoming emails and other messages. Attachments or links found in suspicious/irrelevant mail must not be opened, as they can be infectious.
Additionally, all downloads must be made from official and trustworthy channels. We advise activating and updating software using legitimate functions/tools, as those obtained from third-parties can contain malware.
It is paramount for device and user safety to have a reputable anti-virus installed and kept up-to-date. Security programs must be used to run regular system scans and to remove detected threats and issues. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.
Screenshot of Banshee stealer's admin panel:
Screenshot of Banshee stealer promoted on hacker forums:
Screenshot of Banshee stealer promoted on Telegram:
Banshee stealer has recently received some updates, such as:
- Polymorphic engine (each build and execution flow are different, yet the payload is exactly the same)
- Capability of spoofing LedgerLive
- Embedded in legit applications (e.g., Google Chrome, Telegram)
- Custom .dmg sizes
- Partial macOS 15 support
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use the full-featured product, you have to purchase a license for Combo Cleaner. A limited seven-day free trial is available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the Applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Frequently Asked Questions (FAQ)
My computer is infected with Banshee malware. Should I format my storage device to get rid of it?
Malware removal rarely necessitates formatting.
What are the biggest issues that Banshee malware can cause?
The dangers posed by an infection depend on the malware's functionalities and the attackers' goals. Banshee is an information stealer, and such infections are associated with severe privacy issues, financial losses, and identity theft.
What is the purpose of Banshee malware?
Malware is predominantly used to generate revenue. However, other motivations are possible, such as the cyber criminals seeking amusement, personal grudges, process disruption (e.g., websites, services, companies, organizations, etc.), hacktivism, and political/geopolitical reasons.
How did Banshee malware infiltrate my computer?
Malware is mainly distributed via trojans, drive-by downloads, suspect download channels (e.g., freeware and free file-hosting websites, P2P sharing networks, etc.), online scams, spam mail, pirated programs/media, illegal software activation tools ("cracks"), and fake updates. Some malicious programs can even self-spread through local networks and removable storage devices.
Will Combo Cleaner protect me from malware?
Yes, Combo Cleaner can scan devices and eliminate all manner of threats. It can detect and remove most of the known malware infections. Note that performing a full system scan is essential since sophisticated malicious software usually hides deep within systems.