Malware in Pirated macOS Apps Targets Cryptocurrency Wallets

By Jeeva Shanmugam

Most of the time, Apple devices are well fortified against malware and trojans, but that is not always the case. Cybersecurity firm Kaspersky has spotted a piece of macOS malware that does not attack the operating system itself but instead targets cryptocurrency wallets such as Exodus and Bitcoin, draining them without the user's consent.

Pirated macOS apps pose a big threat

The newly discovered malware spreads through pirated applications that users install themselves. It attacks infected devices in two stages: first, it runs a malicious Python script on the device, with the script delivered through DNS records. Second, it replaces the legitimate crypto wallet with a trojanized version that lets the attackers steal the secret (recovery) phrase required to access the funds. Once the attackers hold the secret phrase, they can drain the wallet, leaving the user with nothing.

Screenshot showing data stolen from Macs (Image credit: Kaspersky)

According to the report, devices running macOS 13.6 and above are susceptible to this malware, irrespective of whether they run on Apple Silicon or Intel chips.

According to Sergey Puzan, a Kaspersky security researcher, the attackers have devised a stealthy delivery method: the Python script is hidden in a DNS server's records, so fetching it looks like ordinary DNS traffic and is less likely to be noticed. Users should be wary of downloading wallets from suspicious websites, as doing so can open the floodgates for attackers to siphon off wallets holding coins such as Bitcoin, USDT, Cardano, and Dogecoin, to name a few.
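The two points above (a Python script staged in DNS records, retrieved as ordinary-looking DNS traffic) suggest a simple detection on the defender's side: inspect TXT answers in resolver logs for long base64 strings that decode to script-like text or to high-entropy blobs. The example below is added here and is not code from Kaspersky's report; the log format, the domain names and the two payloads are constructed for illustration, and the entropy heuristic for a possible encrypted stage is an assumption rather than something the article describes.

```python
import base64
import binascii
import math
import re
from collections import Counter

# Constructed resolver log (not from Kaspersky's report): "timestamp client qname qtype answer".
# Line 3 carries a base64 TXT answer that decodes to a small Python stub; line 5 carries a
# synthetic high-entropy blob standing in for an encrypted stage (an assumption, see lead-in).
BLOB = base64.b64encode(bytes(range(256))).decode()
SAMPLE_LOG = f'''\
2024-01-23T10:00:01Z 10.0.0.5 time.apple.com A 17.253.14.253
2024-01-23T10:00:02Z 10.0.0.5 _dmarc.example.org TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"
2024-01-23T10:00:03Z 10.0.0.5 cfg.update-chk.example TXT "aW1wb3J0IG9zLCBzdWJwcm9jZXNzCmRlZiBydW4oKToKICAgIHBhc3MK"
2024-01-23T10:00:04Z 10.0.0.5 example.com TXT "google-site-verification=abc123DEF456"
2024-01-23T10:00:05Z 10.0.0.5 stage2.update-chk.example TXT "{BLOB}"
'''
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "?(.*?)"?$')
B64_RE = re.compile(r'^[A-Za-z0-9+/]{24,}={0,2}$')      # long base64, padding only at the end
SCRIPT_MARKERS = ("import ", "#!/usr/bin", "exec(", "subprocess", "def ")

def shannon_entropy(data: bytes) -> float:
    # Bits per byte: near 8.0 for encrypted or compressed data, noticeably lower for text.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify_txt(answer: str):
    """Return a reason string if a TXT answer looks like a smuggled payload, else None."""
    if not B64_RE.match(answer):            # SPF/DMARC/site-verification strings never match
        return None
    try:
        raw = base64.b64decode(answer, validate=True)
    except binascii.Error:
        return None
    text = raw.decode("utf-8", errors="replace")
    if any(marker in text for marker in SCRIPT_MARKERS):
        return "base64 TXT decodes to Python-like source"
    if len(raw) >= 64 and shannon_entropy(raw) > 7.5:
        return "base64 TXT decodes to high-entropy blob (possible encrypted stage)"
    return None

def suspicious_txt_records(log_text: str):
    """Scan resolver log text; return (qname, reason) for every flagged TXT answer."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group(4) != "TXT":
            continue
        reason = classify_txt(m.group(5))
        if reason:
            hits.append((m.group(3), reason))
    return hits
```

Running `suspicious_txt_records(SAMPLE_LOG)` flags only the two constructed `update-chk.example` names; the DMARC and site-verification records pass because they are neither pure base64 nor long enough.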

However, these types of attacks are nothing new. Since November 2023, more than $4 million has been stolen on the Solana network through scams and fake airdrops. North Korea's Lazarus group has stolen over $35 million from Atomic Wallet users, siphoning off multiple cryptocurrencies.

What can you do to safeguard against malware? First, keep your operating system updated at all times. You can also add anti-malware software that detects malware already present and blocks access to suspicious sites, reducing the chance of infection. Additionally, get your apps from official marketplaces such as the Apple App Store rather than third-party sites, so that malicious code never reaches your machine in the first place. Of course, none of the measures mentioned above is 100% failsafe, but following them will still avert most infections.
