Kaspersky Labs has uncovered a sophisticated malware campaign targeting macOS users who download pirated apps. The malware specifically targets newer operating systems, macOS versions 13.6 and above, and is crafted to infiltrate users' computers through compromised software installers. Once inside, it replaces legitimate Bitcoin and Exodus crypto wallets with infected versions.
The mode of infection involves compromised disk images containing an "activator" and the desired application. The malware lies dormant until the user runs the activator, which requires entering the user's password. This sneaky tactic ensures that users unwittingly activate the compromised application. The malware then executes a Python script, which runs continuously, attempting to download further stages of infection. This script has dual functions: executing arbitrary commands from a server and checking for the presence of cryptocurrency wallet applications, which it then replaces with malicious versions.
The ingenuity of this malware lies in its simplicity and effectiveness. By manipulating executable files of legitimate applications to make them non-functional until the activator is run, hackers ensure that users are tricked into installing the malware. Once activated, the malware can execute any script with administrator privileges, including replacing Exodus and Bitcoin crypto wallet applications with versions that steal secret recovery phrases.
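The replacement of wallet applications described above is the kind of change a file-integrity baseline catches. The following is an added example, not code from Kaspersky or from the article: it hashes every file in an application bundle, stores the result as a manifest, and later reports files that were modified, added or removed. The bundle paths in WATCHED_APPS, the bundle layout, and all file contents are constructed assumptions for the demonstration; the demo builds a throwaway bundle in a temporary directory, records a baseline, then swaps the main binary and adds a file to show what a trojanised replacement looks like to the checker.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical bundle locations a defender might baseline on macOS;
# real install paths vary and are an assumption here.
WATCHED_APPS = [
    "/Applications/Exodus.app",
    "/Applications/Bitcoin-Qt.app",
]


def file_sha256(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (POSIX relative path) to its SHA-256."""
    manifest = {}
    for entry in sorted(root.rglob("*")):
        # Symlinks are skipped: hash the target where it actually lives.
        if entry.is_file() and not entry.is_symlink():
            manifest[entry.relative_to(root).as_posix()] = file_sha256(entry)
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report what changed between two manifests of the same bundle."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def check_bundle(bundle: Path, baseline: dict) -> dict:
    """Re-hash an installed bundle and diff it against its stored baseline."""
    return compare_manifests(baseline, build_manifest(bundle))


def demo() -> dict:
    """Constructed scenario: baseline a fake bundle, then replace its binary."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Exodus.app"
        binary = app / "Contents" / "MacOS" / "Exodus"
        plist = app / "Contents" / "Info.plist"
        binary.parent.mkdir(parents=True)
        # Constructed placeholder contents; not a real Mach-O binary.
        binary.write_bytes(b"original wallet binary (constructed)")
        plist.write_text("<plist/>")
        baseline = build_manifest(app)

        # Simulate the swap described in the article: the main executable is
        # replaced and an extra file appears inside the bundle.
        binary.write_bytes(b"replaced wallet binary (constructed)")
        resources = app / "Contents" / "Resources"
        resources.mkdir()
        (resources / "extra.py").write_text("# constructed placeholder file\n")

        return check_bundle(app, baseline)


if __name__ == "__main__":
    result = demo()
    for kind, paths in result.items():
        for path in paths:
            print(f"{kind}: {path}")
```

In practice the baseline manifest is written to disk (for example as JSON) right after a clean install and re-checked on a schedule; any entry under "modified" in a wallet bundle is worth treating as a possible replacement. On a real Mac this complements, rather than replaces, Apple's own signature check: `codesign --verify --deep --strict /Applications/Exodus.app` will also fail once the main binary no longer matches the developer's signature.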
To protect against this evolving threat, Kaspersky researchers emphasize the importance of downloading apps only from official stores like the Apple App Store. They also recommend installing a trusted security solution, updating the operating system and apps regularly, and using strong, unique passwords for different accounts. Additionally, it is crucial to secure your seed phrase when setting up hardware wallets.
This malware campaign is a stark reminder of the risks associated with downloading pirated applications. It highlights the continuous innovation by hackers in developing tactics to compromise cryptocurrency users. Users are advised to exercise caution and implement robust security measures to protect their digital assets.