A new version of the Banshee macOS stealer, linked to Russian-speaking cybercriminals, has been monitored since September. This version went undetected for over two months, using a string encryption algorithm identical to Apple's XProtect antivirus engine. The malware targets browser credentials, cryptocurrency wallets, and sensitive information. It was distributed through malicious GitHub repositories and phishing websites, often masquerading as popular software. The Banshee stealer-as-a-service operation, priced at $3,000, was advertised on Telegram and dark web forums before shutting down in November 2024 due to source code leakage. Despite this, threat actors continue to distribute updated versions, highlighting the growing trend of targeting macOS users.