Kaspersky has uncovered a targeted malware campaign against macOS users who download pirated apps. The malware specifically targets newer systems, macOS 13.6 and later, and gets onto users' computers through compromised software installers. Once inside, it replaces the legitimate Bitcoin and Exodus crypto wallet apps with infected versions.
The infection chain starts with a compromised disk image containing an "activator" and the desired application. The malware stays dormant until the user runs the activator, which asks the user to enter their password. This tactic ensures that users activate the compromised app themselves, handing the malware administrator rights in the process. The activator then launches a Python script that runs continuously, attempting to download further stages of the infection. The script has two functions: it executes arbitrary commands received from a server, and it checks for installed cryptocurrency wallet applications and replaces them with malicious versions.
The ingenuity of this malware lies in its simplicity and effectiveness. By patching the executable files of legitimate applications so that they are non-functional until the activator is run, the attackers ensure that users install the malware themselves. Once activated, the malware can execute any script with administrator privileges, including replacing the Exodus and Bitcoin wallet apps with versions that steal the wallet's recovery (seed) phrase.
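The replacement of an installed wallet bundle is something a user can check for independently of any antivirus product. The script below is an added example written for this page, not code from Kaspersky's report or from either wallet project: it records SHA-256 hashes of every file in an app bundle on a known-clean system and later reports files that were modified, removed or added. The bundle paths listed are assumptions, and the demo builds a throwaway fake bundle in a temporary directory rather than touching real applications.

```python
"""Added example (not from the original article): baseline-and-verify
integrity check for macOS app bundles such as the wallets named above."""
import hashlib
import tempfile
from pathlib import Path

# Assumed install locations of the two wallets the report names; adjust as needed.
WALLET_BUNDLES = [
    "/Applications/Exodus.app",
    "/Applications/Bitcoin-Qt.app",
]

# Mach-O magic numbers (32/64-bit, both byte orders) plus the fat-binary magic.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(bundle: Path) -> dict:
    """Map every regular file under the bundle to its SHA-256.
    Record this on a clean system and keep the result off the host."""
    result = {}
    for p in sorted(bundle.rglob("*")):
        if p.is_file() and not p.is_symlink():
            result[str(p.relative_to(bundle))] = sha256_file(p)
    return result


def verify(bundle: Path, expected: dict) -> dict:
    """Compare the bundle on disk with a recorded baseline."""
    current = baseline(bundle)
    findings = {
        "modified": sorted(k for k in expected if k in current and current[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in current),
        "added": sorted(k for k in current if k not in expected),
        "not_macho": [],
    }
    # Cheap extra check: a main executable that is not Mach-O at all (e.g. a
    # script dropped in its place). A trojanised Mach-O passes this and is
    # caught only by the hash mismatch above.
    macos_dir = bundle / "Contents" / "MacOS"
    if macos_dir.is_dir():
        for exe in sorted(macos_dir.iterdir()):
            if exe.is_file():
                with exe.open("rb") as f:
                    magic = f.read(4)
                if magic not in MACHO_MAGICS:
                    findings["not_macho"].append(str(exe.relative_to(bundle)))
    return findings


def is_clean(findings: dict) -> bool:
    return not any(findings.values())


def demo() -> tuple:
    """Build a constructed fake bundle, baseline it, tamper with the main
    executable the way a wallet swap would, and verify again.
    Returns (clean_before, findings_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "Exodus.app"
        exe_dir = bundle / "Contents" / "MacOS"
        exe_dir.mkdir(parents=True)
        # Fake 64-bit little-endian Mach-O header followed by padding.
        (exe_dir / "Exodus").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 64)
        (bundle / "Contents" / "Info.plist").write_text("<plist/>")
        base = baseline(bundle)
        clean_before = is_clean(verify(bundle, base))
        # Simulate the replacement: the main executable is overwritten.
        (exe_dir / "Exodus").write_bytes(b"#!/usr/bin/env python3\nprint('stealer')\n")
        return clean_before, verify(bundle, base)


if __name__ == "__main__":
    before, after = demo()
    print("clean before tampering:", before)
    print("findings after tampering:", after)
```

On a real Mac, take the baseline immediately after a fresh install from the vendor's own site and pair this check with Apple's signature verification, `codesign --verify --deep --strict --verbose=2 /Applications/Exodus.app`, which a swapped binary that is not signed by the original developer will fail.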
To protect against this evolving threat, Kaspersky researchers emphasize downloading applications only from official sources such as the Apple App Store. They also recommend installing a robust security solution, keeping the operating system and applications up to date, and using strong, unique passwords for different accounts. It is also crucial to protect the recovery (seed) phrase when setting up a hardware wallet.
This malware campaign is a stark reminder of the risks associated with downloading pirated apps. It highlights the continuous innovation of hackers in developing tactics to compromise cryptocurrency users. Users are advised to exercise caution and implement robust security measures to protect their digital assets.
Image source: Shutterstock