Kaspersky warns of new MacOS malware aiming at crypto wallets
Kaspersky urges macOS users to be cautious, steer clear of dubious websites, and employ reliable cybersecurity measures in response to a new malware targeting macOS versions 13.6 and higher.
The malware, discovered by the cybersecurity firm, is particularly dangerous as it aims to deceive Bitcoin and Exodus wallet users into downloading a fake, malicious version of their software.
According to Kaspersky, the newly discovered malware spreads through pirated applications and, unlike the usual proxy trojans or remote-control software bundled with such cracks, specifically targets wallet applications.
“Cybercriminals […] realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.”
The Trojan in question stands out by using DNS records to deliver a malicious Python script, a method unseen in previous attacks.
Remarkably, this malware doesn’t just steal crypto wallet data; it replaces the actual wallet application with a counterfeit version. This allows the attackers to gain access to the secret phrases needed to access the cryptocurrencies stored within these wallets.
The threat is reported to target macOS versions 13.6 and above, regardless of whether they are running on Intel or Apple Silicon hardware.
Sergey Puzan, a security researcher at Kaspersky, notes the novel approach of hiding a Python script within a DNS server’s record, which makes the malware harder to spot in network traffic. He advises users to exercise extreme caution with their cryptocurrency wallets, and recommends downloading only from trusted sources such as the Apple App Store, keeping the operating system updated, and running a security solution as the key practices for minimizing risk.
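The DNS delivery trick described above leaves a footprint a defender can look for: a TXT-style record that is far longer than the SPF, DMARC or verification entries a domain normally carries, and that base64-decodes to something resembling source code. The following is an added example, not code from the article or from Kaspersky; it assumes the payload sits in DNS TXT records (the article only says "DNS records"), and the length and entropy thresholds, the list of expected record prefixes, and all sample records are constructed assumptions for illustration.

```python
"""Heuristic triage of DNS TXT records for encoded script payloads.

Added example for this article, not Kaspersky's or the malware author's code.
All sample records below are constructed; thresholds are assumptions.
"""
import base64
import binascii
import hashlib
import math
import re

# Record families that are legitimately long or base64-heavy (assumed list):
# SPF, DMARC, DKIM and domain-verification tokens. These are skipped.
KNOWN_PREFIXES = ("v=spf1", "v=DMARC1", "v=DKIM1", "google-site-verification=", "MS=")

BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
SCRIPT_MARKERS = (b"import ", b"#!/", b"def ", b"subprocess", b"exec(")

MIN_SUSPECT_LEN = 200    # assumed: shorter records rarely carry code
ENTROPY_THRESHOLD = 4.5  # assumed bits/char; English ~4.1, random base64 ~5.9


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text`."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_txt(strings):
    """Return reasons a TXT record (list of character-strings) looks suspicious.

    DNS splits TXT data into strings of at most 255 bytes, so the strings are
    re-joined before analysis, exactly as a downloader would do.
    """
    joined = "".join(strings)
    if joined.startswith(KNOWN_PREFIXES) or len(joined) < MIN_SUSPECT_LEN:
        return []
    reasons = []
    if BASE64_RE.match(joined):
        try:
            decoded = base64.b64decode(joined, validate=True)
        except (binascii.Error, ValueError):
            decoded = b""
        if any(marker in decoded for marker in SCRIPT_MARKERS):
            reasons.append("base64 payload decodes to script-like text")
    if shannon_entropy(joined) > ENTROPY_THRESHOLD:
        reasons.append("long high-entropy blob (%d chars)" % len(joined))
    return reasons


def flag_suspicious_txt_records(records):
    """Map record name -> reasons, for every record that trips a heuristic."""
    flagged = {}
    for name, strings in records.items():
        reasons = classify_txt(strings)
        if reasons:
            flagged[name] = reasons
    return flagged


def _chunk(text, size=255):
    """Split a string the way a DNS server splits long TXT data."""
    return [text[i:i + size] for i in range(0, len(text), size)]


# Constructed samples. The "script" is a harmless print statement padded
# with comments; the "blob" is deterministic pseudo-random bytes.
_CONSTRUCTED_SCRIPT = (
    b"import os\nimport sys\n\ndef main():\n    print('constructed benign sample')\n\n"
    b"main()\n" + b"# filler line to make the record long\n" * 8
)
_PSEUDO_RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(20))

SAMPLE_TXT_RECORDS = {
    "example.test": ["v=spf1 include:_spf.example.test -all"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test"],
    "verify.example.test": ["google-site-verification=" + "A" * 43],
    "script.example.test": _chunk(base64.b64encode(_CONSTRUCTED_SCRIPT).decode()),
    "blob.example.test": _chunk(base64.b64encode(_PSEUDO_RANDOM).decode()),
}

if __name__ == "__main__":
    for name, reasons in flag_suspicious_txt_records(SAMPLE_TXT_RECORDS).items():
        print(name, "->", "; ".join(reasons))
```

In practice the input would come from passive-DNS logs or resolver query logs rather than a hard-coded dictionary; the two heuristics are deliberately coarse, so a hit is a prompt to inspect the decoded content and the querying host, not a verdict on its own.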
The latest malware threat is part of a larger trend of increasing cyber-attacks focused on cryptocurrency. For instance, North Korean hackers have been using sophisticated deception tactics, including impersonating journalists and government agencies, to gain access to Bitcoin wallets.
In an incident reported by crypto.news in November 2023, these hackers managed to deceive 19 victims, leading to significant theft of cryptocurrencies.
Furthermore, in June of the same year, Elliptic Connect reported that the Lazarus group, tied to North Korea, stole over $35 million in various cryptocurrencies, including USDT, XRP, Cardano, and Dogecoin, from users of Atomic Wallet.