Kaspersky has uncovered sophisticated malware designed to target macOS users engaged in cryptocurrency transactions.
The malware poses a significant threat to those using Bitcoin and Exodus wallets, prompting Kaspersky to warn the macOS community.
macOS Trojan Hijacks Crypto Wallets
The malicious software, identified by Kaspersky researchers, employs a novel approach by deceiving users into downloading a counterfeit version of their wallet applications.
Unlike typical cyber threats, this malware doesn’t rely on proxy trojans or remote control software. Instead, it leverages pirated applications to infiltrate macOS versions 13.6 and higher.
Our experts review a new #macOS backdoor exploiting cracked software, targeting #Bitcoin & #Exodus wallets. This malicious software replaces the wallets with #malware, deploying a potent backdoor running scripts with admin privileges.
— Kaspersky (@kaspersky) January 22, 2024
According to Kaspersky, cybercriminals are capitalizing on the vulnerability of users seeking cracked applications. These individuals are more likely to download installers from questionable websites and to disable security protections on their machines, making them susceptible to malware installation.
What sets this Trojan apart is its use of DNS records to deliver a malicious Python script, a technique not previously observed in similar attacks. This innovative method enhances the malware’s stealth, making it harder to detect in network traffic.
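One way a defender can hunt for the DNS-delivered payload technique described above, as an added example that is neither Kaspersky's code nor part of this article: a heuristic over resolver logs that flags TXT answers which look like chunked, encoded blobs rather than ordinary text records. It assumes the payload rides in TXT records (the article only says "DNS records"), and the JSON-lines log format, field names and thresholds are assumptions for the example.

```python
import base64
import json
import math
import re

# Heuristic thresholds (assumed for this example; tune against your own DNS baseline).
MIN_TXT_PAYLOAD = 256     # SPF, DKIM and verification TXT records are normally shorter
MIN_ENTROPY_BITS = 4.5    # base64 of encrypted/compressed data sits near 6 bits per character
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def shannon_entropy(text: str) -> float:
    """Bits per character of the given string."""
    if not text:
        return 0.0
    n = len(text)
    counts = {c: text.count(c) for c in set(text)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())

def is_suspicious_txt(record: dict) -> bool:
    """True when a TXT response looks like a chunked, encoded payload, not a text record."""
    if record.get("qtype") != "TXT":
        return False
    chunks = record.get("answers", [])
    joined = "".join(chunks)
    if len(joined) < MIN_TXT_PAYLOAD:
        return False
    if not all(BASE64_RE.match(c) for c in chunks):
        return False
    return shannon_entropy(joined) >= MIN_ENTROPY_BITS

def scan_dns_log(lines) -> list:
    """Return the query names whose TXT answers trip the heuristic."""
    hits = []
    for line in lines:
        line = line.strip()
        if line:
            rec = json.loads(line)
            if is_suspicious_txt(rec):
                hits.append(rec["qname"])
    return hits

def build_sample_log() -> list:
    """Constructed resolver log (JSON lines); the encoded blob stands in for a fetched script."""
    blob = base64.b64encode(bytes(range(256)) * 2).decode()
    chunks = [blob[i:i + 255] for i in range(0, len(blob), 255)]  # TXT strings max out at 255 bytes
    return [
        json.dumps({"qname": "example.com", "qtype": "TXT",
                    "answers": ["v=spf1 include:_spf.example.com ~all"]}),
        json.dumps({"qname": "example.com", "qtype": "A", "answers": ["192.0.2.10"]}),
        json.dumps({"qname": "stage.example.test", "qtype": "TXT", "answers": chunks}),
    ]

if __name__ == "__main__":
    for name in scan_dns_log(build_sample_log()):
        print(f"suspicious TXT payload for {name}")
```

Pair the hit with process telemetry (which binary issued the query, and whether a Python interpreter started shortly after) to separate a staging channel from benign large TXT records.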
Sergey Puzan, a security researcher at Kaspersky, emphasized the importance of user vigilance in the face of this evolving threat. Puzan recommended cautious practices such as downloading cryptocurrency wallets only from trusted sources like the Apple App Store, keeping operating systems updated, and employing reliable security solutions.
Threatening Wallet Security
The severity of this malware lies not only in its ability to steal crypto wallet data but also in its capacity to replace legitimate wallet applications with counterfeit versions. This allows attackers to obtain the secret phrases required to unlock the cryptocurrencies stored within these wallets.
Worryingly, the threat is not limited to a specific hardware configuration, affecting macOS versions 13.6 and above, whether they run on Intel or Apple Silicon hardware.
This discovery comes amid a broader trend of increasing cyber-attacks targeting cryptocurrency users. Notably, North Korean hackers have been employing sophisticated tactics, including impersonating journalists and government agencies, to gain access to Bitcoin wallets. In a November 2023 incident, 19 victims fell prey to such tactics, resulting in significant cryptocurrency theft.
In a separate attack in June of the same year, the Lazarus group, associated with North Korea, successfully stole over $35 million in various cryptocurrencies, including USDT, XRP, Cardano, and Dogecoin, from users of Atomic Wallet, as reported by Elliptic Connect.