Fresh malware targeting Apple users in the US and Germany is infecting Bitcoin and Exodus cryptowallet applications with a Trojan distributed through pirated software, according to Kaspersky researchers.
The malware is delivered via cracked applications and can replace Exodus and Bitcoin cryptowallet applications installed on the user's machine with infected versions that steal secret recovery phrases after the wallet is unlocked.
The report, issued this week, noted the attackers use DNS TXT records to deliver an encrypted Python script to their victims as the second stage of infection.
Once the cracked application is installed and the patcher has run, the application works normally, so the user has no indication that malware is running in the background.
When the user launches a compromised wallet application, the malware exfiltrates the seed phrase or wallet password to the attackers' command-and-control server.
Because a seed phrase is enough to restore the wallet on any other device, this gives the attackers full control of the victim's funds.
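The DNS TXT second stage described above is cheap to spot in resolver or Zeek-style DNS logs: ordinary TXT data (SPF, DKIM, domain-verification tokens) is short or contains characters outside the base64 alphabet, while a staged encrypted script arrives as a large, pure-base64 blob of near-random bytes, typically split across 255-byte TXT strings. The following added example (mine, not code from Kaspersky's report or from the article) runs that heuristic over a constructed JSON-lines log; the log schema, the thresholds and the domain names are assumptions made for the example.

```python
"""Flag DNS TXT answers that look like a staged, encrypted payload rather than
ordinary TXT data (SPF, DKIM, domain-verification tokens).

Added example, not code from the Kaspersky report or the article. The JSON
log schema below is constructed for the example; adapt parse logic in
scan_log() to your resolver's or Zeek's dns.log format."""
import base64
import binascii
import hashlib
import json
import math

# Detection thresholds (assumed values; tune to the environment).
MIN_PAYLOAD_BYTES = 512    # legitimate TXT data is rarely this large
MIN_ENTROPY_BITS = 6.0     # encrypted/compressed data sits near 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Empirical byte entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def decode_txt_blob(strings):
    """Join the TXT strings of one answer (payloads are commonly split into
    255-byte strings) and attempt a strict base64 decode. Returns None when the
    joined value is not a pure base64 blob, which rules out SPF/DKIM records."""
    joined = "".join(s.strip() for s in strings)
    try:
        return base64.b64decode(joined, validate=True)
    except (binascii.Error, ValueError):
        return None


def assess_txt_answer(strings):
    """Return (is_suspicious, details) for the TXT strings of one answer."""
    blob = decode_txt_blob(strings)
    if blob is None:
        return False, {"reason": "not a base64 blob"}
    entropy = shannon_entropy(blob)
    suspicious = len(blob) >= MIN_PAYLOAD_BYTES and entropy >= MIN_ENTROPY_BITS
    return suspicious, {"decoded_bytes": len(blob), "entropy": round(entropy, 2)}


def scan_log(lines):
    """Return [(query_name, details)] for TXT answers that trip the heuristic.
    Each line is JSON: {"query": ..., "qtype": ..., "answers": [...]} (constructed schema)."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("qtype") != "TXT":
            continue
        suspicious, details = assess_txt_answer(rec["answers"])
        if suspicious:
            hits.append((rec["query"], details))
    return hits


# --- constructed sample traffic (not real captures) -----------------------
def _fake_encrypted_payload(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for an AES-encrypted script."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def _split(s: str, size: int = 255):
    """Split a base64 string into TXT-sized strings, as a real answer would carry it."""
    return [s[i:i + size] for i in range(0, len(s), size)]


SAMPLE_LOG = [
    json.dumps({"query": "example.com", "qtype": "TXT",
                "answers": ["v=spf1 include:_spf.example.net -all"]}),
    json.dumps({"query": "s1._domainkey.example.com", "qtype": "TXT",
                "answers": ["v=DKIM1; k=rsa; p=" + base64.b64encode(b"\x30" * 162).decode()]}),
    json.dumps({"query": "stage2.example.invalid", "qtype": "TXT",
                "answers": _split(base64.b64encode(_fake_encrypted_payload(1500)).decode())}),
    json.dumps({"query": "www.example.com", "qtype": "A", "answers": ["203.0.113.10"]}),
]

if __name__ == "__main__":
    for name, details in scan_log(SAMPLE_LOG):
        print(f"SUSPICIOUS TXT payload for {name}: {details}")
```

Only the constructed `stage2.example.invalid` answer trips the rule; the SPF and DKIM records fail the strict base64 decode because of the `v=`, `;` and space characters, so they never reach the size and entropy tests. In production, key the alert on the querying host as well as the name, since the same wallet-user machine should then show an outbound connection to the command-and-control server shortly afterwards.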
A Kaspersky researcher added that there is no specific reason the attackers focus on macOS 13.6 and higher.
He says the best form of protection from such threats is to avoid downloading any cracked or modified applications, even from well-known and trusted sources.
John Bambenek, president at Bambenek Consulting, says that while the use of pirated applications as a vehicle for malware isn't a particularly new technique, the selection of macOS applications with functionality to steal cryptocurrency wallets is unique.
In 2023, there were numerous malicious campaigns targeting cryptocurrency wallet owners, but the Kaspersky findings indicate that some attackers are now going to greater lengths to ensure they access the contents of their victims' crypto wallets while remaining undetected for as long as possible.
Adam Neel, threat detection engineer at Critical Start, notes that malicious actors are adapting their techniques to take advantage of cryptocurrency users' behaviors and preferences.
Bambenek notes many of the OS-provided protections needed to be explicitly disabled to get these applications on the system in the first place, so the biggest defense mechanism is to avoid pirated software and source applications only from the official app store.
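The OS-provided protections Bambenek refers to can also be re-applied after the fact. A trojanized wallet bundle written to disk by the loader never receives the com.apple.quarantine attribute, so Gatekeeper was never asked about it; an explicit signature verification and Gatekeeper assessment answers that question on demand. The following added example (mine, not code from the article, Kaspersky or the wallet projects) wraps Apple's stock `codesign` and `spctl` tools; the bundle paths are assumed defaults, and the output parsing follows those tools' current text format and should be re-checked against the macOS version in use.

```python
"""Check whether installed macOS wallet app bundles are still the intact, signed
bundles Gatekeeper would accept. Added example, not code from the article or
from Kaspersky; bundle paths are assumed defaults and output parsing follows
the current text format of Apple's `codesign` and `spctl` tools."""
import platform
import subprocess
from dataclasses import dataclass
from typing import Tuple

# Assumed install locations; adjust for the machine being checked.
WALLET_BUNDLES = ["/Applications/Exodus.app", "/Applications/Bitcoin-Qt.app"]


@dataclass
class Verdict:
    path: str
    signature_intact: bool    # codesign --verify --deep --strict passed
    gatekeeper_accepts: bool  # spctl --assess would allow execution
    source: str               # Gatekeeper's reason, e.g. "Notarized Developer ID"


def parse_codesign(returncode: int, output: str) -> bool:
    """codesign exits 0 and reports 'valid on disk' for an untampered bundle.
    A bundle patched after signing fails with 'invalid signature'; a stripped
    one fails with 'code object is not signed at all'."""
    return returncode == 0 and "valid on disk" in output


def parse_spctl(output: str) -> Tuple[bool, str]:
    """spctl --assess --verbose=4 prints '<path>: accepted' or '<path>: rejected'
    followed by a 'source=...' line explaining the decision."""
    accepted, source = False, "unknown"
    for line in output.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.startswith("source="):
            source = line[len("source="):]
    return accepted, source


def is_trusted(v: Verdict) -> bool:
    """Both checks must pass: an ad-hoc re-signed Trojan carries a signature
    that is technically valid on disk but Gatekeeper rejects it (no usable
    signature, not notarized), while a bundle patched after signing fails
    codesign outright."""
    return v.signature_intact and v.gatekeeper_accepts


def check_bundle(path: str) -> Verdict:
    """Run both Apple tools against one bundle (macOS only)."""
    cs = subprocess.run(
        ["codesign", "--verify", "--deep", "--strict", "--verbose=2", path],
        capture_output=True, text=True)
    gk = subprocess.run(
        ["spctl", "--assess", "--type", "execute", "--verbose=4", path],
        capture_output=True, text=True)
    # Both tools write diagnostics to stderr; merge streams so parsing is robust.
    accepted, source = parse_spctl(gk.stdout + gk.stderr)
    return Verdict(path, parse_codesign(cs.returncode, cs.stdout + cs.stderr),
                   accepted, source)


if __name__ == "__main__":
    if platform.system() != "Darwin":
        raise SystemExit("run this on the macOS host being checked")
    for bundle in WALLET_BUNDLES:
        v = check_bundle(bundle)
        state = "OK" if is_trusted(v) else "SUSPECT"
        print(f"{bundle}: {state} (signature_intact={v.signature_intact}, "
              f"gatekeeper={v.gatekeeper_accepts}, source={v.source})")
```

A "SUSPECT" result is the cue to treat every seed phrase ever typed into that wallet as compromised and move the funds from a clean device, since the check tells you the bundle was replaced or patched but not when. Note that this is a point-in-time check of the files on disk; it does not inspect processes already running.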
Neel says users must continue to take precautions, especially when storing large amounts of digital currency.
Source: www.darkreading.com. Publication date: Tue, 23 Jan 2024 21:05:17 +0000