A new information-stealing malware called 'Bansystiller,' targeting approximately 100 million macOS users worldwide, is evolving into a variant and emerging as a new security threat. This malware is being misused to steal passwords stored in browsers and virtual currency wallet information, prompting experts to call for preventive measures and enhanced security.
On Dec. 12 (local time), the U.S. economic magazine Forbes reported this fact through a guest article by cybersecurity expert Dave Winder and a report from Check Point Research.
The Bansystiller, which appeared in mid-2024, is malware aimed at macOS users and was designed to be easily used by anyone for a fee of $3,000 (approximately 4.41 million won). Cybercriminals have used this to steal sensitive information from users. However, the service was terminated after the source code was leaked in November, and the malware re-emerged as a more sophisticated variant.
According to security experts, the variant Bansystiller is exploiting Apple's XProtect encryption technique to bypass virus detection and extract data. In particular, passwords stored in browsers such as Chrome, Edge, and Brave, as well as virtual currency wallet information, are primary targets.
Antonis Terepos of Check Point Research noted, "Most antivirus engines have failed to detect this malware for more than two months," expressing concern that the number of cyberattacks targeting macOS users is likely to rise further.
Winder warned, "While Windows users have been the main targets in the past, cybercriminals are now focusing on the approximately 100 million macOS users worldwide."
Security experts emphasized that as malware becomes more sophisticated, it is establishing itself as a new threat and that preventive measures are urgently needed. Eric Schwake of Salt Security advised, "A conservative password policy for macOS security, training on phishing and malware risks, and regular updates of the latest security patches are necessary."
Ngoc Bui of Menlo Security pointed out that "the variant of Bansystiller is a case that reveals the security vulnerabilities of the Apple ecosystem," noting that while the frequency of corporations adopting the Apple ecosystem is increasing, security tools are not keeping pace. He stated, "Now, a multi-layered security approach is essential."