There is a virus for Mac named Banshee Stealer that is potentially affecting millions of Mac users.

IMMEDIATE ACTIONS REQUIRED:

– Never enter your Mac user or admin password unless you recognize the need to enter it because of an action you’re performing, such as powering on your Mac.

– Back up your critical data immediately in case you need to perform a clean MacOS install

– Because Banshee Stealer is unnoticeable, strongly consider running an anti-malware tool capable of detecting it.

What Anti-Malware Tools Work?

Intego, Malwarebytes, and Combo Cleaner are the only Mac-based anti-malware tools that I can find today that advertise that they can identify and stop the newest version of Banshee Stealer. There might be others. Combo Cleaner is available in the Mac App Store. Downloading apps from the store reduces the likelihood of getting a fake infected version. We don’t endorse any of the tools mentioned, nor do we receive any compensation. There are many online reviews about those two products. Stay current with your Mac OS updates, and hopefully, Apple’s built-in tools will soon detect and conquer the newest version of Banshee Stealer.

I realize many Mac users do not want to install anti-malware. If that’s you, please carefully understand all the information in this article to reduce your exposure. The newest variant of Banshee Stealer cleverly evades Apple’s built-in anti-malware tool, XProtect.

What is Banshee Stealer?

The sophisticated Banshee Stealer malware compromises computers and laptops running MacOS, including Intel-based Macs and those with Apple Silicon chips. Attackers use it to breach privacy, inflict financial losses, and steal identities. So far, iPhones and iPads have not been affected by Banshee Stealer. In my presentations and speeches, participants often ask if Macs are susceptible to viruses and other malware; this is an example of when they are.

Banshee Stealer is a new variant; it started as Malware-as-a-Service (MaaS). Threat actors could purchase access for $3,000 per month to attack Mac users. The new variant resurfaced in September, using encryption from Apple’s XProtect anti-virus tool, evading antivirus detection for months.

How Can Your Computer Become Infected with Banshee Stealer?

• If you click on links in email messages that take you to a site that might appear normal but will infect your computer with Banshee Stealer
• If you open attachments to email messages that contain the Banshee Stealer malware or take you to a site that downloads and installs Banshee Stealer
• Scanning QR codes in email mail or other messages for the same reason
• If you enter your username and password into what appears to be a legitimate Apple pop-up
• Downloading programs and applications that have Banshee Stealer hidden inside
• If you follow a fake prompt that tells you an update or program needs to be installed, a password needs to be reset, or some application asks to use your camera or microphone or have some other elevated privilege.

Symptoms:

Banshee Stealer is designed to be undetectable. You might not find out your Mac was infected until your finances, identity, and privacy are in shambles. Possible symptoms include:

• Your Mac computer or laptop starts behaving differently than before.
• You might receive unexpected prompts asking you to install software, reset your password, grant permission, etc.
• If you notice that your bank or other online accounts have been compromised, an attacker may have used Banshee Stealer to steal your passwords.
• If your Mac starts operating much slower than before, or if the battery life seems shorter, Banshee Stealer might upload data in the background or perform other activities on your computer.
• If you notice unexpected file changes on your computer
• If you have a Crypto Wallet that gets compromised.

What to Do to Help Prevent Infection:

Strongly consider using anti-malware capable of detecting Banshee Stealer, as discussed above.

Beware of all prompts that pop up on your screen that look like they are Apple prompts asking for your password. Banshee Stealer is great at mimicking the Apple prompts, and if you enter your username and password, Banshee Stealer captures them. It is essential that you only enter your username and password when you are actively expecting to need to, such as:

• When you power on the computer or when you log in after the screen is locked
• When you are installing new software right then
• When you are logging into Keychain
• When you told the Mac to install system updates
• Administrative tasks like when you are intentionally accessing system files
• And some of the changes to system preferences you’re making right then.

Only install programs and applications from trusted companies. Remember that attackers can sometimes infect trusted companies and install malware without the software provider’s knowledge. This is called a supply chain attack, and it can be very successful if people trust the website or tool. Getting programs from the Mac App Store helps minimize the risk of downloading malware hidden inside an otherwise functional program.

Do not double-click on a link or button on a website. Legitimate website navigation involves single-clicks. Threat actors have determined that people will follow instructions to double-click or double-click if something does not seem work the first time. During a double-click process, attackers will quickly replace the original link with a malicious one right after the first click before the second. Users do not realize what they’ve done and might have executed a script or unknowingly performed another task the threat actor wanted.

Do not click on links in email messages or other messages, and do not scan a QR code—it functions as a link. Do not click on links on services such as YouTube; threat actors will put links into the descriptions and comments. View every link everywhere as suspicious and avoid clicking.

Do not open attachments that arrive via email or another method unless you confirm with the sender that it is indeed the file they sent. Remember that attackers can compromise other companies or users and use their email addresses to send malicious files when you expect them. This is a way for even the most security-conscious people to be infected.

Update your MacOS regularly. Instead of answering a prompt on your screen telling you about an update, regularly click on the apple in the top left corner and choose System Settings, General, then Software Update.

Consider removing as many browser extensions as possible. Sometimes malware infects browser extensions or comes included when you install an extension.

Use multi-factor authentication (MFA) on all the websites, Software as a Service (SaaS) solutions, and everywhere else you can. Choosing to receive a text message for the second step of the login process is much better than having no MFA, but it is not the most secure choice due to the SIM-Swapping attackers use. They learn as much as they can about you, frequently using AI, and contact your phone provider and try to convince your provider that they are you and that you have a new SIM chip or a new phone. Recent breaches have exposed your location history gathered by companies who write apps and sell your location information. Threat Actors can use AI to combine location information with publicly available data to learn much about you and your life. If the phone provider is duped, they’ll successfully take over your account and be able to receive the text messages on their device. If you ever change your phone number, you’ll need to go to all the websites where you set up text-based MFA, disable MFA, and re-enable MFA when you get the new number.

For more secure multi-factor authentication, if the website or SaaS tool allows, set up an authenticator app on your smartphone that generates a number every thirty seconds. This Time-Based One-Time Password (TOTP) is more secure because it doesn’t rely on a text message. Popular authenticators include Google Authenticator, Microsoft Authenticator, Authy, and more. (Same disclaimers as above). Be sure to back up your authenticator app in case you lose or upgrade your phone. Otherwise, you could be locked out of everything you set up for TOTP. If you can’t generate the codes, you won’t be able to log in to the sites that require that code. There are other options that are more secure than text message-based MFA, including USB Keys, Passkeys, etc.

Be sure you use different passwords for every website or SaaS offering. When attackers compromise your password anywhere, they’ll perform credential stuffing, meaning they try the same username and password at dozens of other popular websites and SaaS platforms. It is challenging to remember passwords, and password manager software can be very helpful. Password managers remember your passwords for you and can fill them in when prompted. Although web browsers have this feature, too, many people consider password managers more secure since, if an attacker compromises your browser, the passwords are not readily available to them. Some password managers will synchronize across multiple devices, reset weak passwords for you, and offer other features. It is almost always best not to use the VPN and other services that come with password managers. 1Password, DashLane, Keeper, LastPass, and many others are common. (Same disclaimers about not endorsing these nor do we get compensation). And Apple has revamped the MacOS Keychain password manager to be more secure than it was. When you use a password manager, be sure it is backing up somewhere in case you lose your laptop. Apple Keychain automatically backs up to iCloud and synchronizes across your other devices.

If you have sensitive data, consider encrypting the files in case Banshee Stealer or other malware accesses and steals them.

Computers and devices communicate through a network, copper or WiFi. Malware can move from one computer to another. If you use your Mac at home and family members have Macs who aren’t as careful as you are, having a segmented network for you to use, separate from everyone else, helps protect you from malware spreading from their computers onto yours. Segmentation is slightly technical, and the easiest way to segment a home network might be to have all the other family members connect to the “guest” network and use the primary network.

Set up text messages for all financial transactions. Most financial institutions offer SMS or email alerts whenever transactions larger than a certain amount are processed. I have my accounts set to text me anytime a transaction of more than one dollar occurs on any account because that is the minimum amount my banks allow. Yes, I receive many alerts, but I’d prefer to receive many alerts than not knowing about an unauthorized withdrawal. Continue to monitor bank statements and other financial records.

If your company has an Extended Detection and Response (XDR) solution, contact your IT professionals to be sure they’ve installed the XDR agent on your Mac, too. If your business isn’t already using XDR, you must. This technology is designed to detect and stop malicious activity before it has time to do much, if any, harm. Examples of XDR tools include Crowd Strike, Cynet, Sentinel One, and more (we don’t endorse nor receive compensation for mentioning them).  As cybersecurity consultants, we recommend that our customers get XDR from their IT Team’s vendor. The typical approximately $20/mo/user seems expensive until after a breach. Many companies get breached even though they have XDR in place, but the most common reason is that something wasn’t implemented correctly or there is a breakdown or delay in communications. Companies engage with us to perform independent periodic vigorous red team exercises to attack and test their XDR response. Most XDR implementations fail the first exercise, but finding weaknesses before the threat actors do is the point. After the exercise and forthcoming recommendations are implemented, a company is much more prepared for a real-world attack.

This recommendation isn’t for everyone; I left it for last. Implementing this can be complicated and frustrating and is most often initiated by enterprises using Windows and Mac. Another strategy to help avoid getting malware from websites is to use a hosted browser, also known as browser isolation. This service runs a web browser on their servers, and your computer shows you their browser. Thus, all browser attacks will attack the company hosting the browser, not your computer’s browser. Sometimes, hosted browsers work better than others, but you might consider this option to further isolate and protect your computer from browser-based threats. For example, if a website wants to access your local mic and camera, it won’t work since you’ll be using the hosted browser. But this protects you from malicious websites that take over your mic and camera. My research to locate a hosted browser for the Mac was complex, and I want to rush this blog to the press due to the urgency of Banshee Stealer. Candidates for stand-alone hosted browser solutions for the Mac include Menlo Secure Cloud Browser, Authentic8, and the Puffin Browser. Zscaler and Cloudflare also offer hosted browser solutions for the Mac, but they don’t seem to be sold as a stand-alone solution but as part of a larger package. We are not endorsing or receiving any compensation for listing those products.

Proactive Steps to Take In Case You Get Infected:

There are other steps to take that will help you if you do get infected. Be sure you are backing up with Mac OS’s built-in Time Machine or another service. Using multiple external USB drives for backup and rotating them is a great idea. Mac OS will keep track of each drive and apply the backups when you plug in the specific drive. Strongly consider an online backup service. Examples of highly rated cloud backup services for Mac users include BackBlaze, iDrive, and Acronis, but there are others. We are not endorsing those, nor do we receive any compensation for recommending them. You might even copy your files to an online storage service; use multi-factor authentication and all the other industry-best cybersecurity practices for cloud storage. Some people copy their most important files to one or more external drives, leaving them disconnected except when copying files.

What to do if you think you are infected:

Turn off your Wi-Fi or disconnect your Ethernet cable to stop any more files from being stolen and uploaded.

Run an anti-malware package described above under prevention.

Continue to watch your financial accounts for any suspicious activity.

Follow all the steps above under the section on what to do to avoid infection.

Consider moving your assets to a new, secure wallet if you use cryptocurrency.

You should contact gurus at Apple or another support organization who can help you with your Mac.

Reset all of your passwords. If you are not using a password manager, now might be a good time to do so.

Decide whether to alert your business and associates that if they receive an email pretending to be from you, it is likely not from you.

If you want to feel confident you’ve removed all of the malware, consider backing up your data and performing a clean install of macOS.

Final Thoughts:

I hope you do not become infected with Banshee Stealer and are not already infected, which is tricky to detect. Following the guidance in this article can also help protect you from other Mac malware. Tell your friends.

The post Mac Users – Urgent Security Alert: Protecting Your Mac from Banshee Stealer Malware appeared first on Foster Institute.

First, see if you are vulnerable. Click on the apple symbol on the top left of your screen, then choose About This Mac. If you have macOS High Sierra, you are probably vulnerable. If you have anything else, stop here.

Second, you can protect yourself by making sure nobody other than you can get to your computer. So far, though theoretically possible, the vulnerability has not been exploited remotely unless you have enabled “Share my Screen.” If you feel confident that no bad actors will have access to your computer, you can stop here.

Third, reset the root password. Apple provides the 8 necessary steps at support.apple.com/en-us/HT204012 , Scroll down to the section entitled: Change the Root Password. In their step 7, if the option Edit > Change Root Password is grayed out on your Mac, then instead click the option Edit > Enable Root User and continue with step 8.

Please forward this to everyone you care about that has a Mac.

The post Mac Vulnerability Permits Unauthorized Login appeared first on Foster Institute.

The hacking group calls themselves “Turkish Crime Family.” They are demanding $100,000 in gift cards, or $75,000 in cryptocurrency by April 7, or they will wipe all the Apple accounts. It is easy to see why people who have Macs, iPhones, and iPads are concerned.

Apple says that Apple has not been hacked, but it is likely that any compromised passwords are the result of Apple users who may have used the same password at other websites as they do for their Apple account.

What should you do?

Perhaps the best solution to protect all your online accounts, Apple and other companies as well, is to set up two step verification.

You may have experienced going to a website, entering your username and password, and then your mobile phone buzzes and tells you to enter a code such as 777888 to complete the login process. That’s one type of two step verification.

When you use that kind of two step verification, an attacker would need to steal your mobile phone too before they could log on with your username and password. So, keep your phone with you. It will be difficult for people, especially those thousands of miles away, to access your phone even if they already know your username and password.

Another, even easier to use method for two step verification is called one tap login. Then, instead of needing to enter a code that comes via text message, all you have to do is tap an app on your phone to approve a login attempt.

To set up two step verification to protect your Apple devices, follow the instructions you will find when you google the following text. Either use copy and paste or manually type these words into a Google search:

two factor authentication for apple id site:apple.com

Always keep your devices upgraded with the latest security patches. If you have an older iPhone or iPad that cannot be upgraded to at least iOS 9 or newer, or a Mac that cannot be upgraded to El Capitan or newer, then follow the instructions you will find when you google:

two step verification for Apple ID site:apple.com

Drobox, PayPal, Google apps, and many other sites already support two step verification. You just have to turn it on. Do it today for all of your sensitive accounts.

To set up two step verification on your Google accounts, visit www dot google dot com/landing/2step/

Another way to find that page is to google this text, including the first word google:

Google 2 step verification site:google.com

For instructions to set up two step verification at Dropbox, google this text:

enable two step verification site:dropbox.com

Use similar searches to find instructions for your other services. It is important to use the word site followed by the actual website of your service if you want to get the information straight from the service, not somewhere else.

But you may wonder what to do for all the sites that you use that do not support two step verification.

Remembering passwords is too much trouble, so many people, even non-technical people, use a password manager to remember the different passwords for them. When they visit a site that asks for a password, the password manager quickly and automatically fills in their username and password for them.

But of course, you can never feel positive that password managers will keep your passwords secure. So, separate your passwords into two groups:

Put the passwords that you need to keep really secure, such as bank passwords, into the first group. You may choose to omit those sensitive passwords from your password manager. You might choose to remember them in your head. Or if you don’t like that idea, then you can write them down on paper that you keep in a secure location. Writing them down isn’t as good as memorizing them, but at least it is difficult for people thousands of miles away to read the paper on which you wrote the passwords. Or, if you feel you must store those passwords in a file on your computer, then encrypt the file, and name the file something other than “my passwords”.

The second group of passwords contains passwords, such as airline website logins, that it will not devastate you in the unlikely event that your password manager gets compromised. The passwords in this group are great candidates for your password manager.

Many people put the vast majority of their passwords in the password manager. The automatic filling in process sure speeds up the login process. Additionally, since you needn’t remember passwords anymore, using different passwords at different sites is easy. In fact, people sometimes trust password managers with even their most sensitive passwords, but only if those sites use two step verification too.

And, for a sometimes fun/sometimes scary experience, if you want to see if your password might have been hacked, follow the instructions you will find in The Foster Institute blog when you google:

How to Find Out if Your Password Might Have Been Hacked site:fosterinstitute.com

Please forward this to anyone you know who uses Apple devices, as well as anyone you know who wants to make their user names and passwords much more secure.

The post Your iPhone and iPad are in Danger appeared first on Foster Institute.

Independent studies by the testing firm AV-TEST show that two top picks for Mac anti-virus are:

Bitdefender Antivirus for the Mac (Around $60)
Symantec Norton Security (Around $50)

The latter offers more features, but the tests demonstrate that they are both effective and barely slow Mac computers down so it is unlikely that you will experience any changes in your user experience.

(We do not make any money or receive any royalties for recommending these tools)

You can look at the AV-test website to see the specifics.

Forward this to your friends who have Macs so that they can be protected too!

The post Protect your Mac from Viruses appeared first on Foster Institute.