Kaspersky posted a summary of some high-level updates on Banshee back in January. Although it’s a bit light on specific details about behavior, there’s still some very interesting information there.
Of particular interest is a bit of history about the malware. Banshee was first released as malware-as-a-service back in July of 2024. It had a rather short life, however, as its code was leaked publicly in November, thus removing any motivation to pay for their service and ending Banshee’s commercial success.
However, this means that now anyone can pick up Banshee’s code and use it, and Kaspersky referred to seeing cybercriminals do exactly that, repurposing Banshee to their own ends. In a case of “Banshee is dead, long live Banshee,” it seems that we will be likely to continue to see Banshee-based malware. It will be interesting to see how this code diverges in the hands of new developers, and continues to evolve even though the original threat actors are no longer behind it.