Banshee: The Malware That Exploits Apple’s Own Security to Target Your Wallet
This sinister tool has ties to the Russian cybercrime world and first appeared in mid-2024. Since then, it has been continuously developed, leaked on GitHub, reverse-engineered, and now re-emerged with even more sophisticated capabilities.
The masterminds behind Banshee have also adjusted their strategy, slashing its price from $3,000 in 2024 to $1,500 as of January 2025. This price drop shows their intent to expand operations and target a broader audience.
A New Threat Under the Radar
On January 9, researchers from Check Point revealed that the latest version of Banshee had been quietly operating for the past two months without detection. It cleverly uses Apple’s XProtect encryption, a security measure designed to combat malware, to evade antivirus programs.
Techopedia delves into how Banshee works, its impact, and what experts and anti-malware providers are saying about this growing threat.
- Banshee’s Target: The stealer focuses on crypto wallets and sensitive data, and uses social engineering to trick users into compromising their systems.
- Cost Reduction: Its lower price points to an expanding operation aimed at a larger pool of victims.
- Defense Strategies: Staying cautious, avoiding suspicious links or downloads, and maintaining updated software are critical to minimizing risks.
What Can the New Banshee Do?
The upgraded Banshee is not just another malware. It’s a fully functional tool capable of stealing data and credentials from popular browsers like Chrome, Brave, Edge, Vivaldi, Yandex, and Opera.
It also targets multi-factor authentication (MFA) extensions and popular crypto wallets such as Exodus, Electrum, Coinomi, and Ledger.
The Banshee Telegram channel is still active today. (Screenshot/Growthy.web)
But it doesn’t stop there. Banshee can also collect system information, including details about software and hardware on the affected device, and even external IP addresses. To top it off, it uses fake macOS pop-up notifications to trick users into revealing their Mac passwords.
Researchers at Check Point uncovered these activities after Banshee’s source code was leaked on a forum, which finally allowed antivirus engines to detect its malicious behavior.
However, this leak turned out to be a diversion. Criminals continued distributing Banshee through phishing sites disguised as legitimate software download platforms.
How Banshee Exploits Apple’s Own Security
Apple’s XProtect, a key cybersecurity tool in macOS, is designed to detect malware using unique rules called “YARA rules.” When new malware is identified, researchers create these rules to help block it.
Banshee cleverly mimics Apple’s XProtect encryption methods, scrambling its malicious code and decrypting it only during execution. This trick allows it to avoid being flagged during standard antivirus scans.
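A constructed illustration of the point above (added here; not code from the article, from Check Point, or from Banshee): a YARA-style plaintext string rule misses strings that exist only after runtime decryption, while a rule keyed on an invariant of the decryption routine, and an analyst's decrypt-then-scan step, still catch them. The repeating-key XOR scheme, the key and the `KEY:` marker are assumptions for the demo, not Banshee's actual algorithm.

```python
from itertools import cycle

# Constructed sample strings: stand-ins for the kind of paths and commands a
# stealer references. They are not Banshee indicators.
PLAIN_STRINGS = [b"Library/Application Support/Exodus",
                 b"osascript -e 'display dialog'"]
KEY = bytes.fromhex("5a1c7e33")      # constructed key, not Banshee's
KEY_MARKER = b"KEY:" + KEY           # constructed stand-in for a decryptor invariant


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def build_sample() -> bytes:
    """Constructed on-disk image: key marker, then length-prefixed encrypted strings."""
    blobs = b"".join(bytes([len(s)]) + xor_bytes(s, KEY) for s in PLAIN_STRINGS)
    return KEY_MARKER + blobs


def static_scan(image: bytes, needles: list) -> list:
    """Emulates a YARA plaintext string rule: substring search over file bytes."""
    return [n for n in needles if n in image]


def recover_strings(image: bytes) -> list:
    """Analyst step after reversing the stub: find the key, decrypt each blob."""
    idx = image.find(b"KEY:")
    if idx < 0:
        return []
    key = image[idx + 4:idx + 8]
    pos, out = idx + 8, []
    while pos < len(image):
        n = image[pos]
        out.append(xor_bytes(image[pos + 1:pos + 1 + n], key))
        pos += 1 + n
    return out


def decrypt_then_scan(image: bytes, needles: list) -> list:
    """Same needles, but matched against the runtime-decrypted strings."""
    recovered = recover_strings(image)
    return [n for n in needles if any(n in s for s in recovered)]


if __name__ == "__main__":
    sample = build_sample()
    print("plaintext rule hits:  ", static_scan(sample, PLAIN_STRINGS))    # []
    print("decryptor-keyed hits: ", static_scan(sample, [KEY_MARKER]))     # marker found
    print("decrypt-then-scan:    ", decrypt_then_scan(sample, PLAIN_STRINGS))
```

The takeaway for rule authors is that signatures should key on what the sample cannot change at rest (its decryption stub and key material) rather than on strings that only appear in memory.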
A YARA rule example on VirusTotal. (Screenshot/Growthy.web)
Jaron Bradley, Director of Threat Labs at Jamf, shared his perspective:
“While Apple’s XProtect rules are effective against known threats, malware developers are always watching and adapting. Banshee is a perfect example of how they evolve to bypass detection.”
For users relying on additional antivirus tools, Banshee can still fool these systems, disguising its malicious operations as legitimate Apple processes.
Ngoc Bui, a cybersecurity expert at Menlo Security, emphasized the challenge:
“Even the best Endpoint Detection and Response (EDR) solutions struggle with macOS, leaving critical gaps in security. A multi-layered defense is essential to address these vulnerabilities.”
Privacyis1st raised the alarm on Twitter in 2024 about Banshee and its original $3,000 price tag. Today the stealer costs half of that. (Screenshot/Growthy.web)
How to Protect Yourself
Despite its sophistication, Banshee still relies on social engineering. This means users must interact with malicious links or download infected files for the malware to succeed.
Here’s how you can stay safe:
- Be Cautious Online: Avoid clicking on suspicious links or visiting questionable websites.
- Keep Software Updated: Apple frequently updates XProtect with new security rules, so ensure your macOS and apps are up to date.
- Use Multi-Layered Security: Employ additional security tools and practices to enhance your defense.
Banshee source code leaked on GitHub two months ago. (Screenshot/Growthy.web)
For a deeper dive, Check Point’s full report provides technical insights and Indicators of Compromise (IoCs).
Final Thoughts
Banshee has evolved into a formidable threat. Its ability to exploit Apple’s own security systems and evade detection highlights the increasing sophistication of cybercriminals.
As Apple’s popularity among enterprises grows, so does the target on its back. The days of assuming macOS is immune to malware are over. Staying vigilant, informed, and proactive is the best way to combat threats like Banshee.