Kandji Blog

Banshee Rust Rewrite?

Infostealers targeting macOS are evolving rapidly, making continuous monitoring essential, which our team is always on the lookout for. Many infostealers share similar behaviors aimed at exfiltrating data from compromised systems. In fact, these similarities can make it difficult to distinguish between different infostealers without a deep understanding of what to look for. Recently, the Objective-C source code for the infostealer "Banshee" was leaked, offering insight into its inner workings. On January 15, 2025, our team identified a new infostealer written in Rust on VirusTotal. This infostealer exhibits many of the same behaviors and targets, (such as browsers, wallets, and extensions,) found in the leaked Banshee code. Interestingly, the Rust-based application transmits captured files to localhost, suggesting it may still…