Kaspersky Labs uncovers malicious software targeting Bitcoin and Exodus wallets on macOS

Cybersecurity firm Kaspersky Labs has unearthed a new strain of malware meticulously crafted to target macOS users, specifically focusing on compromising Bitcoin and Exodus wallets. According to a press release issued on Monday, the malware is disseminated through pirated software and cunningly replaces authentic wallet applications with infected counterparts.

The cybersecurity researchers at Kaspersky believe that the hackers responsible for this malware are in the process of developing it for an impending campaign. The discovery was made in December when the researchers stumbled upon a new family of trojan proxies deployed by the hackers.

The perpetrators distribute cracked versions of legitimate applications through unauthorized sites, relying on users who have disabled macOS's built-in download protections in order to install software from dubious sources. The malware targets macOS 13.6 and later. The cracked package ships with an "activator" that prompts the user for the computer's administrator password, and the malware captures that password when it is typed in.

With that password the malware gains administrator privileges and functions as a backdoor. Although the lure itself is basic, the researchers describe the malware as "seriously ingenious". Using its elevated privileges it replaces the legitimate Exodus and Bitcoin wallet applications with infected versions, which harvest the wallets' private keys when the user opens them.

These infected applications steal the wallet's secret recovery phrase as soon as the user unlocks it. To avoid falling victim to this evolving campaign, Kaspersky advises users to download software only from reputable sites, keep the operating system up to date, and run a reliable security solution.
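Because the campaign works by swapping the wallet application bundles on disk, one practical check is whether the installed Exodus and Bitcoin bundles still carry their vendor's Developer ID signature and pass `codesign` verification. The script below is an added example and is not Kaspersky's code nor a reproduction of the malware; it runs the real macOS `codesign` tool and parses its output. The expected Team IDs and bundle paths are placeholders (an assumption), and the two sample `codesign -dvv` outputs are constructed for offline use, not captured from a real machine.

```python
"""Check that macOS wallet app bundles still carry the vendor's code signature.

Added example (not from Kaspersky or the wallet vendors). A replaced bundle
cannot carry the original vendor's Developer ID signature, so comparing the
TeamIdentifier that `codesign -dvv` reports against a known-good value, and
running `codesign --verify --deep --strict`, is a cheap integrity check.
"""
import re
import subprocess
from typing import Dict, Optional

# Hypothetical expected Team IDs (assumption): record them from a known-good
# install, not from whatever is currently on disk.
EXPECTED_TEAM_IDS: Dict[str, str] = {
    "/Applications/Exodus.app": "EXODUSTEAM",
    "/Applications/Bitcoin-Qt.app": "BTCCORETEAM",
}

TEAM_RE = re.compile(r"^TeamIdentifier=(.+)$", re.MULTILINE)


def parse_team_id(codesign_output: str) -> Optional[str]:
    """Return the TeamIdentifier from `codesign -dvv` output.

    Returns None for an unsigned or ad-hoc signed bundle, which codesign
    reports as `TeamIdentifier=not set` (or with no TeamIdentifier line).
    """
    match = TEAM_RE.search(codesign_output)
    if not match:
        return None
    team = match.group(1).strip()
    return None if team == "not set" else team


def assess(codesign_output: str, expected_team: str) -> str:
    """Classify a bundle as 'ok', 'unsigned' or 'wrong-team'."""
    team = parse_team_id(codesign_output)
    if team is None:
        return "unsigned"
    if team != expected_team:
        return "wrong-team"
    return "ok"


def codesign_details(bundle_path: str) -> str:
    """Run `codesign -dvv` (macOS only); the details go to stderr."""
    proc = subprocess.run(["codesign", "-dvv", bundle_path],
                          capture_output=True, text=True)
    return proc.stderr


def verify_bundle(bundle_path: str) -> bool:
    """True if the bundle's seal is intact (exit status 0), False otherwise."""
    proc = subprocess.run(["codesign", "--verify", "--deep", "--strict",
                           bundle_path], capture_output=True, text=True)
    return proc.returncode == 0


def check_installed(expected: Dict[str, str] = EXPECTED_TEAM_IDS) -> Dict[str, str]:
    """Check every configured bundle; identity first, then seal integrity."""
    results = {}
    for path, team in expected.items():
        try:
            status = assess(codesign_details(path), team)
            if status == "ok" and not verify_bundle(path):
                status = "tampered"  # signed by the right team, but resources altered
        except FileNotFoundError:
            status = "codesign-unavailable"  # not running on macOS
        results[path] = status
    return results


# Constructed sample outputs for offline testing (not real codesign captures).
SAMPLE_GOOD = """Executable=/Applications/Exodus.app/Contents/MacOS/Exodus
Identifier=com.electron.exodus
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Vendor (EXODUSTEAM)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXODUSTEAM
"""

SAMPLE_REPLACED = """Executable=/Applications/Exodus.app/Contents/MacOS/Exodus
Identifier=com.electron.exodus
Format=app bundle with Mach-O thin (arm64)
Signature=adhoc
TeamIdentifier=not set
"""

if __name__ == "__main__":
    for bundle, status in check_installed().items():
        print(f"{bundle}: {status}")
```

Run it on the Mac in question with Team IDs taken from a clean install; "unsigned", "wrong-team" or "tampered" for a wallet bundle is reason to stop and rebuild the machine rather than open the wallet.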

This incident is not isolated, as hackers have previously employed various tactics, including disguising malware as legitimate wallets on online stores or creating counterfeit websites. Such practices have become prevalent enough that the United States Federal Bureau of Investigation (FBI) has issued warnings about them.

In a related incident in November, the Lazarus Group, a notorious hacking entity associated with North Korea, developed malware targeting macOS users within the decentralized finance community. This particular malware was distributed through Discord groups, posing a substantial threat to cryptocurrency users.

Although the cryptocurrency industry lost around $2 billion to theft in 2023, the number of hacking incidents fell slightly compared with the previous year, according to a report from De.FI, a web3 security firm known for its REKT database. Notably, North Korean state hackers, identified as the Lazarus Group, accounted for a significant share of that total; the group's thefts fund the country's nuclear weapons program in violation of international sanctions.