- Kaspersky discovered a new macOS malware targeting crypto stored in digital wallets.
- The malware replaces legitimate wallet applications with infected versions.
- Mac users are warned to download apps from official stores and implement security measures.
In a recent discovery, cybersecurity researchers at Kaspersky have identified a new strain of macOS malware specifically designed to target crypto stored in digital wallets on Apple devices.
According to Kaspersky, this crypto trojan stands out for two distinct reasons. Firstly, it employs DNS records as a means to deliver its malicious Python script. Secondly, it diverges from the conventional approach of merely stealing from crypto wallets; instead, it replaces a wallet application with its infected version. The report noted that this tactic enables the Trojan to extract the secret phrase required to access the crypto stored in the wallets.
Specifically, the malware targets macOS versions 13.6 and above, spanning both Intel and Apple Silicon devices. Kaspersky underscored that the focus category suggests a deliberate priority for users of newer operating systems.
The compromised disk images contain an “activator” alongside the targeted application. This activator, “benign” in appearance, activates the compromised application only after the user unwittingly enters their password.
Meanwhile, the attackers employ pre-compromised application iterations, manipulating the executable files to render them non-functional until the user initiates the activator. This strategic maneuver guarantees that the user inadvertently triggers the compromised application.
Following the patching process, the malware initiates its core payload, with the script persistently attempting to download the subsequent stage of the infection chain. Popular wallets such as Bitcoin and Exodus have been targeted, turning these trusted applications into malicious entities.
Sergey Puzan, a security researcher at Kaspersky, stressed the risks associated with pirated software, stating:
Cybercriminals use pirated apps to easily access users’ computers and get admin privileges by asking them to enter the password.
To safeguard against such Trojans and protect crypto assets, Kaspersky researchers recommend downloading apps exclusively from official stores. While not foolproof, these platforms undergo some level of scrutiny.
Additionally, users are advised to install trusted security solutions, regularly update their operating systems and apps, secure their seed phrases, and use strong, unique passwords.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
