{"id":377272,"date":"2025-01-13T16:54:18","date_gmt":"2025-01-13T16:54:18","guid":{"rendered":"https:\/\/www.techopedia.com\/?p=377272"},"modified":"2025-01-13T16:54:18","modified_gmt":"2025-01-13T16:54:18","slug":"banshee-steals-apple-encryption-to-empty-your-wallets","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets","title":{"rendered":"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets"},"content":{"rendered":"<p>The macOS stealer <strong>Banshee<\/strong> has resurfaced with a dangerous new update. The stealer now builds off Apple&#8217;s built-in anti-malware technology, making it hard to detect and efficient in its digital heists.<\/p>\n<p>Banshee has been linked to the Russian cybercriminal industry and emerged rather recently in mid-2024. In that time, the stealer has been continuously under development, leaked on <a href=\"https:\/\/www.techopedia.com\/definition\/github\">GitHub<\/a>, reverse-engineered, and then resurfaced with impressive capabilities.<\/p>\n<p>The developers behind this stealer are also scaling their operations. They slashed the price for the malware from $3,000 last year to just $1,500 in January 2025.<\/p>\n<p>On January 9, Check Point researchers released the findings of their <a href=\"https:\/\/research.checkpoint.com\/2025\/banshee-macos-stealer-that-stole-code-from-macos-xprotect\/\" target=\"_blank\">investigation into the new version of Banshee<\/a>. They explain that this new version of Banshee has been operating undetected by security vendors for the past two months.<\/p>\n<p>Techopedia explores Banshee&#8217;s capabilities and how it uses Apple&#8217;s <a href=\"https:\/\/www.techopedia.com\/definition\/10990\/xprotect\">XProtect<\/a> <a href=\"https:\/\/www.techopedia.com\/definition\/5507\/encryption\">encryption<\/a> and interviews experts and Apple anti-malware providers.<\/p>\n<div class=\"su-note\"  style=\"border-color:#e5e54c;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\"><div class=\"su-note-inner su-u-clearfix su-u-trim\" style=\"background-color:#FFFF66;border-color:#ffffff;color:#333333;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\">\n<h2><span id=\"key_takeaways\">Key Takeaways<\/span><\/h2>\n<ul>\n<li>The new version of Banshee targets crypto wallets, steals sensitive data, and employs social engineering tactics to trick users into compromising their systems.<\/li>\n<li>The malware&#8217;s developers have reduced the price of the stealer-as-a-service offering, indicating an intention to expand their operations and target a wider range of victims.<\/li>\n<li>Maintaining updated software, exercising caution with suspicious links and downloads, and implementing a multi-layered security approach are crucial for reducing the risk posed by Banshee and other macOS threats.<\/li>\n<\/ul>\n<\/div><\/div>\n<div>\n    <section class=\"toc-sticky w-100 bg-white \">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\"\n                 aria-controls=\"multiCollapse1\"\n                 data-bs-target=\"#multiCollapse1\">\n                <button\n                        class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\"\n                >\n                    <i class=\"icon-chevron-up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n                <span class=\"toc-main-title-permanent\">Table of Contents<\/span>\n            <\/div>\n            <div\n                    class=\"collapse my-3\"\n                    id=\"multiCollapse1\"\n            >\n                <ol class=\"StepProgress\">\n                                                                        <li class=\"StepProgress-item current\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"key_takeaways\"\n                               onclick=handleScrollToTitle(\"key_takeaways\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Key Takeaways<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"this_is_what_the_new_banshee_can_do_on_a_mac\"\n                               onclick=handleScrollToTitle(\"this_is_what_the_new_banshee_can_do_on_a_mac\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">This is What the New Banshee Can Do on a Mac<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"how_does_banshee_use_apples_xprotect_anti-virus\"\n                               onclick=handleScrollToTitle(\"how_does_banshee_use_apples_xprotect_anti-virus\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">How Does Banshee Use Apple's XProtect Anti-Virus?<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"how_to_keep_your_mac_safe_from_banshee\"\n                               onclick=handleScrollToTitle(\"how_to_keep_your_mac_safe_from_banshee\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">How to Keep Your Mac Safe from Banshee<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"the_bottom_line\"\n                               onclick=handleScrollToTitle(\"the_bottom_line\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">The Bottom Line<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"faqs\"\n                               onclick=handleScrollToTitle(\"faqs\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">FAQs<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"references\"\n                               onclick=handleScrollToTitle(\"references\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">References<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                    <\/ol>\n                <div class=\"toc-sticky__container__disperse\"><\/div>\n                <div class=\"toc-sticky__btn-top justify-content-center\">\n                    <button class=\"btn btn-link d-flex align-items-center\" onclick={btnTop()}><p>Show Full Guide<\/p><img decoding=\"async\"\n                                src=\"\/wp-content\/plugins\/table-of-contents\/assets\/images\/arrow-up-circle.svg\"\n                                alt=\"arrow-up-circle\">\n                    <\/button>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/section>\n    <div class=\"toc-sticky-list\">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\" aria-controls=\"multiCollapse2\" data-bs-target=\"#multiCollapse2\">\n                <button class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\">\n                    <i class=\"icon-chevron-up up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n            <\/div>\n            <div  class=\"collapse my-3\" id=\"multiCollapse2\">\n                <ol class=\"StepProgress\">\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item current \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"key_takeaways\"\n                                   onclick=handleScrollToTitle(\"key_takeaways\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Key Takeaways<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"this_is_what_the_new_banshee_can_do_on_a_mac\"\n                                   onclick=handleScrollToTitle(\"this_is_what_the_new_banshee_can_do_on_a_mac\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">This is What the New Banshee Can Do on a Mac<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"how_does_banshee_use_apples_xprotect_anti-virus\"\n                                   onclick=handleScrollToTitle(\"how_does_banshee_use_apples_xprotect_anti-virus\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">How Does Banshee Use Apple's XProtect Anti-Virus?<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t\n\t\t\t\t\t\t <span class=\"show_moretoc\">Show Full Guide<\/span>\n\t\t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"how_to_keep_your_mac_safe_from_banshee\"\n                                   onclick=handleScrollToTitle(\"how_to_keep_your_mac_safe_from_banshee\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">How to Keep Your Mac Safe from Banshee<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"the_bottom_line\"\n                                   onclick=handleScrollToTitle(\"the_bottom_line\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">The Bottom Line<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"faqs\"\n                                   onclick=handleScrollToTitle(\"faqs\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">FAQs<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"references\"\n                                   onclick=handleScrollToTitle(\"references\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">References<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                                    <\/ol>\n            <\/div>\n            <div class=\"toc-sticky__container__disperse\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n<script id=\"toc-js\">\n    window.addEventListener(\"DOMContentLoaded\", () => {\n        const header = document.querySelector(\".header_wrapper\");\n\n        const pageLegend = document.querySelector('#multiCollapse1');\n        const pageLegendList = document.querySelector('#multiCollapse2');\n        const pageLegendCollapse = new bootstrap.Collapse(pageLegend, {toggle: document.querySelector(\".toc-sticky\").classList.contains('sticky')});\n\n        \/**\n         * Changing current title\n         *\/\n        (function (pageLegend) {\n            const titleNodes = pageLegend.querySelectorAll('.StepProgress-item__link');\n\n            if (!titleNodes.length) return;\n\n            const titles = [...titleNodes].map((itm, i) => ({\n                id: itm.getAttribute('data-id'),\n                text: itm.textContent,\n                level: itm.getAttribute('data-level'),\n                linkNode: itm,\n                titleNode: document.getElementById(itm.getAttribute('data-id')),\n                index: i,\n            }));\n\n            \/**\n             * Source: https:\/\/www.sitepoint.com\/throttle-scroll-events\/\n             * @param {Function} fn\n             * @param {number} wait\n             * @returns {(function(): void)|*}\n             *\/\n            const throttle = (fn, wait) => {\n                let time = Date.now();\n                return function () {\n                    if ((time + wait - Date.now()) < 0) {\n                        fn();\n                        time = Date.now();\n                    }\n                }\n            }\n\n            const changeCurrentTitle = () => {\n                const documentScrollTop = window.pageYOffset || document.documentElement.scrollTop || document.body.scrollTop || 0;\n                let current = 0;\n\n                \/\/ Title\n                titles.forEach((itm, i) => {\n\t\t\t\t\/\/console.log(itm)\n                    const itmOffsetTop = itm.titleNode ? itm.titleNode.offsetTop - 100 : 0;\n\n                    if (documentScrollTop >= itmOffsetTop) {\n                        document.getElementById('toc-current-title').innerHTML = itm.text;\n                        document.getElementById('toc-current-title').setAttribute('data-current-id', itm.id);\n                        document.getElementById('toc-current-title').setAttribute('data-current-level', itm.level);\n                        current = i;\n                    }\n                })\n\n                \/\/ close all list and open sub list if needed\n                if (document.querySelector(\".toc-sticky\").classList.contains('sticky')) {\n                    document.querySelectorAll('.subList-in-progress').forEach((el) => {\n                        el.children[1].classList.remove('show');\n                        el.getElementsByClassName('icon-chevron-down')[0].classList.remove('up');\n                    });\n                    const currentEl = titles[current];\n                    currentEl.linkNode.classList.add('show');\n                }\n\n                titles.forEach((itm, i) => {\n                    itm.linkNode.parentNode.parentNode.classList.remove('current', 'is-done');\n                    if (current > i) {\n                        itm.linkNode.parentNode.parentNode.classList.add('is-done')\n                    };\n                    if (current === i) {\n                      itm.linkNode.parentNode.parentNode.classList.add('current');\n                    };\n                })\n\n            }\n\n            changeCurrentTitle();\n\n            document.addEventListener('scroll', throttle(changeCurrentTitle, 50));\n        })(pageLegend);\n\n\n        \/**\n         *  Collapse\n         *\/\n        (function (pageLegend, header) {\n            const icon = pageLegend.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = (status) => (e) => {\n                if (!e.target.isEqualNode(pageLegend)) return;\n\n                icon.classList.toggle(\"up\");\n\n                const containerHeight = pageLegend.getBoundingClientRect().height;\n\n                const showSubtitleContent = () => {\n                    const currentId = document.getElementById('toc-current-title').getAttribute('data-current-id');\n                    const currentLevel = document.getElementById('toc-current-title').getAttribute('data-current-level');\n                    const currentSubTitle = currentLevel == 3 ? document.querySelector(`a[data-id=\"${currentId}\"]`).parentNode.parentNode.parentNode : false;\n\n                    if (!currentSubTitle) return;\n                    new bootstrap.Collapse(currentSubTitle, {toggle: false}).show();\n                }\n\n                showSubtitleContent();\n                if (status === 'shown' && document.querySelector(\".toc-sticky\").classList.contains('sticky') ) {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.add('overflow-auto');\n                    pageLegend.style.height = `calc(100vh - ${header.getBoundingClientRect().height + document.querySelector('.toc-sticky__open').getBoundingClientRect().height + 16}px)`;\n                } else if (status === 'hide') {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.remove('overflow-auto');\n                    pageLegend.style.height = 'auto';\n                }\n            }\n\n            pageLegend.addEventListener('shown.bs.collapse', collapseToggle('shown'));\n            pageLegend.addEventListener('hide.bs.collapse', collapseToggle('hide'));\n        })(pageLegend, header);\n\n        \/**\n         * Collapse sub-titles\n         *\/\n        (function (pageLegend) {\n            const collapseEls = pageLegend.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegend);\n\n        \/**\n         *  Collapse main title\n         *\/\n        (function (pageLegendList) {\n            const icon = pageLegendList.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = () => (e) => {\n                if (!e.target.isEqualNode(pageLegendList)) return;\n\n                icon.classList.toggle(\"up\");\n\n            }\n            pageLegendList.addEventListener('shown.bs.collapse', collapseToggle());\n            pageLegendList.addEventListener('hide.bs.collapse', collapseToggle());\n        })(pageLegendList);\n\n        (function (pageLegendList) {\n            const collapseEls = pageLegendList.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.toc-sticky-list .collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegendList);\n\n        \/**\n         * Sticky functionality\n         * Source: https:\/\/stackoverflow.com\/questions\/17893771\/javascript-sticky-div-after-scroll\n         *\/\n        (function (header, pageLegendCollapse) {\n            \/\/ set everything outside the onscroll event (less work per scroll)\n            const target = document.querySelector(\".toc-sticky\");\n            const targetListStatic = document.querySelector(\".toc-sticky-list\");\n\n            if (!target || !header) return;\n\n            const headerHeight = header.getBoundingClientRect().height;\n            const targetHeight = targetListStatic.getBoundingClientRect().height;\n\n            \/\/ -headerHeight so it won't be jumpy\n            const stop = targetListStatic.offsetTop + headerHeight + targetHeight;\n            const docBody =\n                document.documentElement || document.body.parentNode || document.body;\n            const hasOffset = window.pageYOffset !== undefined;\n\n            const applySticky = function () {\n                \/\/ cross-browser compatible scrollTop.\n                const scrollTop = hasOffset ? window.pageYOffset : docBody.scrollTop;\n\n                \/\/ if user scrolls to headerHeight from the top of the target div\n                if (scrollTop >= stop) {\n                    pageLegendCollapse.hide();\n                    \/\/ stick the div\n                    target.classList.add(\"sticky\");\n                    \/\/target.style.marginTop = `${headerHeight}px`;\n                } else {\n                    pageLegendCollapse.show();\n                    \/\/ release the div\n                    target.classList.remove(\"sticky\");\n                    target.style.marginTop = \"\";\n                }\n            }\n\n            applySticky();\n\n            window.addEventListener('scroll', applySticky);\n        })(header, pageLegendCollapse);\n\tjQuery('span.show_moretoc').click(function(){\n\t\tjQuery('span.show_moretoc').hide();\n\t   jQuery('.ms_hidetoc').show();\n\t});\n    });\n\n    \/\/ When the user clicks on the button, scroll to the top of the document\n    function btnTop() {\n        const pageLegend = document.querySelector('#multiCollapse1');\n        document.querySelector('html').classList.remove('overflow-hidden');\n        pageLegend.classList.remove('overflow-auto');\n        pageLegend.style.height = 'auto';\n        window.scrollTo({\n            top: 0,\n            behavior: 'smooth'\n        });\n    }\n\n    const handleScrollToTitle = (id) => {\n        const el = document.getElementById(id);\n        const headerHeightDifference = window.innerWidth < 992 ? -30 : -15;\n        window.scrollTo({\n            top: el.offsetTop - 60 - headerHeightDifference - 10,\n        });\n    }\n<\/script>\n\n<h2><span id=\"this_is_what_the_new_banshee_can_do_on_a_mac\">This is What the New Banshee Can Do on a Mac<\/span><\/h2>\n<p>The new version of Banshee is fully functional malware that can steal data and credentials from a wide range of browsers, including <strong>Chrome, Brave, Edge, Vivaldi, Yandex, <\/strong>and <strong>Opera<\/strong>.<\/p>\n<p>The stealer also targets <a href=\"https:\/\/www.techopedia.com\/definition\/13657\/multi-factor-authentication-mfa\">multi-factor authentication<\/a> (MFA) extensions, and crypto wallets such as <strong>Exodus, Electrum, Coinomi, Guarda, Wasabi, Atomic<\/strong>, and <strong>Ledger<\/strong>.<\/p>\n<figure id=\"attachment_377281\" aria-describedby=\"caption-attachment-377281\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/The-Banshee-Telegram-channel-is-still-active-today.jpg\" alt=\"The Banshee Telegram channel is still active today\" width=\"1200\" height=\"964\" class=\"wp-image-377281\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/The-Banshee-Telegram-channel-is-still-active-today.jpg 1200w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/The-Banshee-Telegram-channel-is-still-active-today-300x241.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/The-Banshee-Telegram-channel-is-still-active-today-1024x823.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/The-Banshee-Telegram-channel-is-still-active-today-768x617.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-377281\" class=\"wp-caption-text\">The Banshee Telegram channel is still active today. (Screenshot\/Techopedia)<\/figcaption><\/figure>\n<p>But Banshee does not stop there. It also steals system information, including software and hardware running in the breached machines and <a href=\"https:\/\/www.techopedia.com\/definition\/2435\/internet-protocol-address-ip-address\">IP<\/a> external addresses. It can even trick users into giving away their MacOS password through <strong>fake Mac system pop-up notifications<\/strong>.<\/p>\n<p>Identifying this malware was only possible due to a recent leak of Banshee&#8217;s source code on XXS Forums.<\/p>\n<p>Check Point researchers said:<\/p>\n<blockquote><p>&#8220;For over two months, this updated version of Banshee successfully evaded detection by most antivirus engines until its original code was leaked on XSS forums, allowing antivirus engines to detect its core functionality.&#8221;<\/p><\/blockquote>\n<p>The Check Point report adds that once the source code was leaked, the Banshee stealer-as-a-service operation was &#8216;shut down&#8217;.<\/p>\n<p>However, the &#8216;shutdown&#8217; seemed more of an distraction technique as the criminal gang continued distribution via <a href=\"https:\/\/www.techopedia.com\/definition\/4049\/phishing\">phishing<\/a> websites that posed as legitimate software download sites.<\/p>\n<h2><span id=\"how_does_banshee_use_apples_xprotect_anti-virus\">How Does Banshee Use Apple&#8217;s XProtect Anti-Virus?<\/span><\/h2>\n<p>Apple&#8217;s XProtect is one of the company&#8217;s main cybersecurity technologies. It is built into all Macs and used to detect malware. XProtect uses rules similar to <a href=\"https:\/\/www.techopedia.com\/definition\/4158\/virus-signature\">antivirus signatures<\/a>.<\/p>\n<p>These rules, &#8216;YARA rules,&#8217; are created by security researchers when they discover new malware operating in the wild. Companies like Apple use these rules to identify new <a href=\"https:\/\/www.techopedia.com\/definition\/4015\/malicious-software-malware\">malware<\/a> and block it, preventing it from running. Of course, this is an eternal cat-and-mouse game between criminals and cybersecurity experts.<\/p>\n<figure id=\"attachment_377278\" aria-describedby=\"caption-attachment-377278\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/A-YARA-rule-example-on-VirusTotal.jpg\" alt=\"A YARA rule example on VirusTotal\" width=\"1200\" height=\"674\" class=\"wp-image-377278\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/A-YARA-rule-example-on-VirusTotal.jpg 1080w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/A-YARA-rule-example-on-VirusTotal-300x169.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/A-YARA-rule-example-on-VirusTotal-1024x576.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/A-YARA-rule-example-on-VirusTotal-768x432.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-377278\" class=\"wp-caption-text\">A YARA rule example on VirusTotal. (Screenshot\/Techopedia)<\/figcaption><\/figure>\n<p>Check Point researchers tried to develop a YARA rule for Banshee and found that their rule generated a lot of false positives. This is when they came across something impressive. Check Point explains:<\/p>\n<blockquote><p>&#8220;We discovered that Banshee employs the same encryption method that Apple utilizes in macOS for string encryption within its antivirus engine, XProtect.&#8221;<\/p><\/blockquote>\n<p>Using Apple&#8217;s XProtect encryption, Banshee can scramble its strings and only decrypt them during execution, becoming a master of deception and bypassing standard static detection methods.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/jaron-bradley\/\" target=\"_blank\"><strong>Jaron Bradley<\/strong><\/a><strong>, Director of Threat Labs at <\/strong><a href=\"https:\/\/www.jamf.com\/\" target=\"_blank\"><strong>Jamf<\/strong><\/a>, an Apple-focused cybersecurity provider, discussed XProtect&#8217;s security rules with Techopedia:<\/p>\n<blockquote><p>&#8220;Banshee underscores that while Apple&#8217;s XProtect rules are effective at detecting known malware, they are closely monitored by malware authors, allowing them to adapt and evade detection in future iterations using creative methods.&#8221;<\/p><\/blockquote>\n<p>For users who have other <a href=\"https:\/\/www.techopedia.com\/antivirus\/best-antivirus-mac\">anti-malware solutions<\/a> running on their Macs, Banshee will likely trick their OS, confusing Banshee strings with Apple&#8217;s legitimate XProtect operations.<\/p>\n<p><strong>Ngoc Bui, a cybersecurity expert from <\/strong><a href=\"https:\/\/www.menlosecurity.com\/\" target=\"_blank\"><strong>Menlo Security<\/strong><\/a>, a browser cybersecurity company, spoke to Techopedia about how this impacts security and companies providing cybersecurity software for Apple users.<\/p>\n<blockquote><p>&#8220;Even leading (Endpoint Detection and Response) EDR solutions have limitations on Macs, leaving organizations with significant blind spots. We need a multi-layered approach to security, including more trained hunters on Mac environments.&#8221;<\/p><\/blockquote>\n<p>&#8220;This new Banshee Stealer variant exposes a critical gap in Mac security,&#8221; Bui said.<\/p>\n<p>&#8220;While companies are increasingly adopting Apple ecosystems, the security tools haven&#8217;t kept pace,&#8221; Bui said.<\/p>\n<figure id=\"attachment_377280\" aria-describedby=\"caption-attachment-377280\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Privacyis1st-rings-the-alarm-on-Twitter-in-2024-on-Banshee-and-its-original-3000-price-tag.-Today-the-stealer-costs-half-of-that.jpg\" alt=\"Privacyis1st rings the alarm on Twitter in 2024 on Banshee and its original $3,000 price tag. Today the stealer costs half of that\" width=\"1200\" height=\"674\" class=\"wp-image-377280\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Privacyis1st-rings-the-alarm-on-Twitter-in-2024-on-Banshee-and-its-original-3000-price-tag.-Today-the-stealer-costs-half-of-that.jpg 1080w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Privacyis1st-rings-the-alarm-on-Twitter-in-2024-on-Banshee-and-its-original-3000-price-tag.-Today-the-stealer-costs-half-of-that-300x169.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Privacyis1st-rings-the-alarm-on-Twitter-in-2024-on-Banshee-and-its-original-3000-price-tag.-Today-the-stealer-costs-half-of-that-1024x576.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Privacyis1st-rings-the-alarm-on-Twitter-in-2024-on-Banshee-and-its-original-3000-price-tag.-Today-the-stealer-costs-half-of-that-768x432.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-377280\" class=\"wp-caption-text\">Privacyis1st rings the alarm on Twitter in 2024 on Banshee and its original $3,000 price tag. Today the stealer costs half of that. (Screenshot\/Techopedia)<\/figcaption><\/figure>\n<p>Banshee is distributed via malicious GitHub repositories. Criminal campaigns using this malware often work with the Lumma Stealer, which targets Windows. This allows them to create fake websites and hack victims regardless of their OS.<\/p>\n<h2><span id=\"how_to_keep_your_mac_safe_from_banshee\">How to Keep Your Mac Safe from Banshee<\/span><\/h2>\n<p>Fortunately, despite its advanced engineering, the Banshee stealer still depends on <a href=\"https:\/\/www.techopedia.com\/definition\/social-engineering\">social engineering<\/a>. This means that users need to click on suspicious links, navigate to fake software download sites, and download the malware themselves. Therefore, knowing how Banshee works should help users be more cautious when downloading files online.<\/p>\n<p>Updating your Mac is also essential. As mentioned, <a href=\"https:\/\/www.techopedia.com\/definition\/24747\/cybersecurity\">cybersecurity<\/a> researchers are constantly discovering new malware affecting Apple devices and creating security rules for these.<\/p>\n<p>When Apple releases a security update, these new rules are integrated into XProtect, which is how your Mac detects dangerous activity. Therefore, always keep your Mac and all of your software up to date.<\/p>\n<p>We recommend that security teams, experts, and developers check out the <a href=\"https:\/\/research.checkpoint.com\/2025\/banshee-macos-stealer-that-stole-code-from-macos-xprotect\/\" target=\"_blank\">full Check Point report<\/a>. The report includes a detailed technical analysis and Indicators of Compromise.<\/p>\n<figure id=\"attachment_377279\" aria-describedby=\"caption-attachment-377279\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-source-code-leaked-on-GitHub-two-months-ago.jpg\" alt=\"Banshee source code leaked on GitHub two months ago\" width=\"1200\" height=\"674\" class=\"wp-image-377279\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-source-code-leaked-on-GitHub-two-months-ago.jpg 1080w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-source-code-leaked-on-GitHub-two-months-ago-300x169.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-source-code-leaked-on-GitHub-two-months-ago-1024x576.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-source-code-leaked-on-GitHub-two-months-ago-768x432.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-377279\" class=\"wp-caption-text\">Banshee source code leaked on GitHub two months ago. (Screenshot\/Techopedia)<\/figcaption><\/figure>\n<h2><span id=\"the_bottom_line\">The Bottom Line<\/span><\/h2>\n<p>Banshee was already a problem in 2024. Now, with this new version, it has improved its attack success rates. The active development and distribution of this malware signal to a well-resourced and technically talented criminal-as-a-service gang.<\/p>\n<p>Apple&#8217;s reputation for immune security is long gone. While enterprises worldwide adopt Apple environments, cybercriminals actively develop a wave of MacOS stealers.<\/p>\n<h2><span id=\"faqs\">FAQs<\/span><\/h2>\n<div class=\"man_faq_sec\" itemscope itemtype=\"https:\/\/schema.org\/FAQPage\"><\/time><section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">What is the Banshee stealer malware?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Banshee is a macOS malware that uses Apple&#8217;s XProtect encryption to evade detection, targeting crypto wallets, credentials, and system data.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">How does Banshee malware infect Macs?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Banshee relies on social engineering tactics like phishing sites and fake software downloads to trick users into installing the malware.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">Why is Banshee difficult to detect?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Banshee uses Apple&#8217;s XProtect encryption to scramble its code, making it harder for traditional antivirus engines to identify it.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">What can Banshee steal from a Mac?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Banshee can steal browser data, crypto wallet credentials, system information, and even Mac passwords through fake pop-up notifications.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">How can I protect my Mac from Banshee?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Keep macOS and all software updated, avoid suspicious downloads, and use multi-layered security solutions for enhanced protection.<\/p>\r\n                <\/div><\/div><\/section>\n<section class=\"ms_faq ms_card \" ><div itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\"><div class=\"accordionButton\"><h3 itemprop=\"name\">What industries are most at risk from Banshee?<\/h3> <\/div>\n<div class=\"accordionContent\" itemscope itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" style=\"display:none;\"><p itemprop=\"text\">Industries using macOS devices, especially those handling sensitive data like finance or healthcare, are at higher risk from Banshee malware.<\/p>\r\n                <\/div><\/div><\/section>\n<div class=\"reference-content\">\n<div class=\"reference-heading reference-content-collapsible-heading\">\n<h2><span id=\"references\">References<\/span><\/h2>\n<\/div>\n<div class=\"reference-content-body\">\n<ol>\n<li><a href=\"https:\/\/research.checkpoint.com\/2025\/banshee-macos-stealer-that-stole-code-from-macos-xprotect\/\" target=\"_blank\">Banshee: The Stealer That &#8220;Stole Code&#8221; From MacOS XProtect<\/a> (Check Point Research)<\/li>\n<li><a href=\"https:\/\/www.linkedin.com\/in\/jaron-bradley\/\" target=\"_blank\">Jaron Bradley &#8211; Jamf<\/a> (LinkedIn)<\/li>\n<li><a href=\"https:\/\/www.jamf.com\/\" target=\"_blank\">Manage and secure Apple at work<\/a>\u00a0(Jamf)<\/li>\n<li><a href=\"https:\/\/www.menlosecurity.com\/\" target=\"_blank\">Make every browser an enterprise browser<\/a> (Menlo Security)<\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The macOS stealer Banshee has resurfaced with a dangerous new update. The stealer now builds off Apple&#8217;s built-in anti-malware technology, making it hard to detect and efficient in its digital heists. Banshee has been linked to the Russian cybercriminal industry and emerged rather recently in mid-2024. In that time, the stealer has been continuously under [&hellip;]<\/p>\n","protected":false},"author":286688,"featured_media":377277,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"no","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[585],"tags":[],"category_partsoff":[],"class_list":["post-377272","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-threats"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets - Techopedia<\/title>\n<meta name=\"description\" content=\"The Banshee stealer has been updated and now uses Apple\u2019s own tech for enhanced stealth, obfuscation, and attack success.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets\" \/>\n<meta property=\"og:description\" content=\"The Banshee stealer has been updated and now uses Apple\u2019s own tech for enhanced stealth, obfuscation, and attack success.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-13T16:54:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"686\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Ray Fernandez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techopedia\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ray Fernandez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets\"},\"author\":{\"name\":\"Ray Fernandez\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c\"},\"headline\":\"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets\",\"datePublished\":\"2025-01-13T16:54:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets\"},\"wordCount\":1318,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets\",\"url\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets\",\"name\":\"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets - Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp\",\"datePublished\":\"2025-01-13T16:54:18+00:00\",\"description\":\"The Banshee stealer has been updated and now uses Apple\u2019s own tech for enhanced stealth, obfuscation, and attack success.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp\",\"width\":1200,\"height\":686,\"caption\":\"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threats\",\"item\":\"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c\",\"name\":\"Ray Fernandez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg\",\"caption\":\"Ray Fernandez\"},\"description\":\"Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ray-fernandez\/\"],\"knowsAbout\":[\"Senior Technology Journalist\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/rayfernandez\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets - Techopedia","description":"The Banshee stealer has been updated and now uses Apple\u2019s own tech for enhanced stealth, obfuscation, and attack success.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets","og_description":"The Banshee stealer has been updated and now uses Apple\u2019s own tech for enhanced stealth, obfuscation, and attack success.","og_url":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_published_time":"2025-01-13T16:54:18+00:00","og_image":[{"width":1200,"height":686,"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp","type":"image\/webp"}],"author":"Ray Fernandez","twitter_card":"summary_large_image","twitter_creator":"@techopedia","twitter_site":"@techopedia","twitter_misc":{"Written by":"Ray Fernandez","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets"},"author":{"name":"Ray Fernandez","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c"},"headline":"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets","datePublished":"2025-01-13T16:54:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets"},"wordCount":1318,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp","articleSection":"","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/www.techopedia.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets","url":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets","name":"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets - Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp","datePublished":"2025-01-13T16:54:18+00:00","description":"The Banshee stealer has been updated and now uses Apple\u2019s own tech for enhanced stealth, obfuscation, and attack success.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/01\/Banshee-\u2018Steals-Apples-Encryption-To-Empty-Your-Wallets.-Techopedia.webp","width":1200,"height":686,"caption":"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/banshee-steals-apple-encryption-to-empty-your-wallets#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Cyber Threats","item":"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats"},{"@type":"ListItem","position":4,"name":"Banshee \u2018Steals\u2019 Apple\u2019s Encryption To Empty Your Wallets"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c","name":"Ray Fernandez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg","caption":"Ray Fernandez"},"description":"Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.","sameAs":["https:\/\/www.linkedin.com\/in\/ray-fernandez\/"],"knowsAbout":["Senior Technology Journalist"],"url":"https:\/\/www.techopedia.com\/contributors\/rayfernandez"}]}},"modified_by":"kseniachapchikova","_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/377272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/286688"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=377272"}],"version-history":[{"count":6,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/377272\/revisions"}],"predecessor-version":[{"id":377285,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/377272\/revisions\/377285"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/377277"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=377272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=377272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/tags?post=377272"},{"taxonomy":"category_partsoff","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/category_partsoff?post=377272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}