Kaspersky Labs has discovered a new set of trojan proxies designed to target macOS users, specifically focusing on stealing Bitcoin and cryptocurrency wallets. The malicious software is distributed through pirated applications obtained from unauthorized sources. Because users seeking cracked apps tend to disable security measures, hackers use these compromised applications to distribute the malware.

The malware specifically targets macOS versions 13.6 and above. It obtains the user’s computer password by prompting them to enter it into an activator box. Additionally, the malware extracts private keys from crypto wallets when users attempt to open wallets compromised by the malicious software.
During the investigation, Kaspersky researchers noted that the malware was still in the development phase. Despite its basic approach, the malware is described as “remarkably clever.” It incorporates a backdoor that can execute scripts with administrator privileges, allowing it to replace legitimate applications like Exodus and Bitcoin crypto wallets with infected versions. These versions discreetly capture secret recovery phrases when the user unlocks the wallet.
To safeguard against falling prey to this malware campaign, Kaspersky advises users to stick to trusted websites, regularly update their computer’s operating system, and deploy a reliable security solution on their machines.
The researchers also highlighted other tactics employed by hackers, such as disguising malware as legitimate wallets on online stores or fake websites. This method has become prevalent enough that the United States Federal Bureau of Investigation (FBI) has issued a warning about such activities.