A new strain of macOS malware reportedly evaded antivirus detection for more than two months by borrowing a string-encryption routine from Apple's own security tooling, researchers at cybersecurity firm Check Point revealed last week.
Mainstream media were quick to pick up the story, with Forbes warning of "real and present dangers" and the New York Post citing Check Point on how the malware "preyed" on over 100 million Apple users.
However, one Apple security researcher believes the situation may be more noise than threat.
“There's nothing really special about this particular sample,” Patrick Wardle, CEO of endpoint security startup DoubleYou, told Decrypt in an interview via Signal.
While the malware appears to target “software-based cryptocurrency wallets” and remains a cause for concern, Wardle says it has received disproportionate media attention.
The malware, dubbed Banshee, was sold as a $3,000 "stealer-as-a-service" targeting cryptocurrency wallets and browser credentials. The operation ended abruptly in November last year when the malware's source code leaked to underground forums, prompting its creators to shut down the service.
What set Banshee apart was its reuse of the string-encryption algorithm from Apple's XProtect antivirus engine, which allowed it to go undetected from late September until November 2024.
This tactic helped the malware slip past security tools while its operators targeted cryptocurrency users through malicious GitHub repositories and phishing sites, Check Point's analysis explains.
While its evasion technique has been portrayed as sophisticated, Wardle describes the malware's core stealing capabilities as relatively basic.
That portrayal misses crucial technical context, Wardle said.
“XOR is the basic type of obfuscation,” he explains, referring to the encryption method used by both XProtect and Banshee. “The fact that Banshee used the same approach as Apple is irrelevant.”
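Wardle's point that XOR obfuscation hides strings from a naive scan but is trivial to undo can be shown in a few lines. The following is an added example written for this page; it is not Banshee's or XProtect's actual routine, and the sample strings, the one-byte key (0x5A) and the indicator list are all constructed for illustration.

```python
"""XOR string obfuscation and recovery (editor's example, not code from the
Banshee sample or from XProtect)."""

# Constructed plaintext indicators of the kind a stealer hides from static scans.
SAMPLE_STRINGS = [
    "~/Library/Application Support/Exodus",
    "/Library/Keychains/login.keychain-db",
    "https://example.invalid/upload",
]

# Constructed one-byte key; an assumption for the demo, not a real sample's key.
KEY = bytes([0x5A])


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. XOR is its own inverse, so this
    both obfuscates and deobfuscates."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate_strings(strings, key: bytes):
    """Return the XOR-obfuscated form of each string, as stored in a binary."""
    return [xor_bytes(s.encode("utf-8"), key) for s in strings]


def static_scan(blobs, indicators) -> int:
    """Count blobs that contain any plaintext indicator (a naive AV-style scan)."""
    return sum(1 for b in blobs if any(ind in b for ind in indicators))


def looks_like_text(blob: bytes, threshold: float = 0.9) -> bool:
    """Heuristic: fraction of printable ASCII bytes."""
    if not blob:
        return False
    printable = sum(1 for b in blob if 32 <= b < 127)
    return printable / len(blob) >= threshold


def recover_single_byte_xor(blob: bytes, must_contain=(b"/", b"http", b"Library")):
    """Brute-force all 256 one-byte keys; return (key, text) candidates that
    decode to mostly printable text containing a known indicator."""
    hits = []
    for k in range(256):
        cand = xor_bytes(blob, bytes([k]))
        if looks_like_text(cand) and any(m in cand for m in must_contain):
            hits.append((k, cand.decode("ascii", errors="replace")))
    return hits


if __name__ == "__main__":
    obf = obfuscate_strings(SAMPLE_STRINGS, KEY)
    print("plaintext hits in obfuscated blobs:", static_scan(obf, [b"Library", b"http"]))
    for blob in obf:
        print(recover_single_byte_xor(blob))
```

The static scan finds nothing in the obfuscated blobs, which is the whole "evasion"; the brute-force loop recovers the key and the strings without knowing anything about the sample. A longer repeating key only changes the search to a per-key-byte guess once the key length is known, which is why reusing an XOR scheme, Apple's or anyone's, buys little.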
Notably, Wardle claims that modern versions of macOS already block this type of threat by default. “Out of the box, macOS will thwart the majority of malware,” he points out. "There is no risk to the average Mac user."
Wardle, who previously worked as a security researcher at the US National Security Agency, pointed to recent changes in macOS security that affect how software running on the device must be signed or "notarized" (in Apple's technical jargon).
Although there are more complex threats like zero-day exploits, Wardle suggests focusing on basic security practices rather than any specific strain of malware.
“There is always a trade-off between security and ease of use,” he said. "Apple is walking this line."
This case highlights how security threats can be miscommunicated to the public, especially when technical nuances are lost in translation.
“There are sophisticated malware out there... and this is not one of them,” Wardle said.
Edited by Sebastian Sinclair