This malware, discovered by Kaspersky Labs researchers in December, belongs to a new family of trojan proxies. The criminals behind the campaign trojanize cracked copies of legitimate applications and distribute them through untrusted websites. Because a cracked app is no longer properly signed, its installation instructions typically tell the user to disable macOS security settings such as Gatekeeper; a user who follows them has switched off the very control that would otherwise have blocked the malware.
The infection chain itself is fairly simple, but Kaspersky Labs researchers describe it as “seriously ingenious” because the final payload is a backdoor that runs with administrator privileges. That payload replaces legitimate cryptocurrency wallet applications on the infected machine, Bitcoin Core and Exodus among them, with trojanized versions. The trojanized wallets look and behave like the originals but quietly exfiltrate the secret recovery phrase as soon as the user unlocks the wallet, which is all an attacker needs to recreate the wallet elsewhere and drain it.
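A practical way to spot a swapped-out wallet bundle is to compare its code signature with what a genuine install carries. The following is an added example written for this article, not Kaspersky's tooling and not code from either wallet project. It assumes the default bundle paths /Applications/Exodus.app and /Applications/Bitcoin-Qt.app, uses placeholder Team IDs that you must replace with values recorded from a known-good install, and feeds a constructed sample of `codesign -dvv` output through the same parser that the live check uses, so the logic can be exercised on any OS:

```python
"""Added example: detect a replaced macOS wallet bundle from its code signature.

Illustrative code for this article, not Kaspersky's or either wallet vendor's.
Assumption: a genuine Exodus or Bitcoin Core install is signed with a stable
Apple Developer Team ID, while a trojanized copy is unsigned, ad-hoc signed,
signed by a different team, or modified after signing.
"""
import os
import platform
import subprocess

# PLACEHOLDER Team IDs (an assumption, not real values). Record the real ones
# from a known-good machine with `codesign -dvv /Applications/Exodus.app`.
EXPECTED_TEAM_IDS = {
    "/Applications/Exodus.app": "EXAMPLE0EX",
    "/Applications/Bitcoin-Qt.app": "EXAMPLE0BC",
}


def parse_codesign(output: str) -> dict:
    """Turn the `Key=Value` lines that `codesign -dvv` writes to stderr into a dict.
    The repeated Authority= lines (the certificate chain) are kept as a list."""
    fields = {}
    for line in output.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "Authority":
            fields.setdefault("Authority", []).append(value)
        else:
            fields[key] = value
    return fields


def assess_signature(codesign_output: str, expected_team: str) -> str:
    """Classify a bundle as 'ok', 'unsigned', 'adhoc' or 'team-mismatch:<TeamID>'."""
    if "not signed at all" in codesign_output:
        return "unsigned"
    fields = parse_codesign(codesign_output)
    team = fields.get("TeamIdentifier", "not set")
    if fields.get("Signature") == "adhoc" or team == "not set":
        return "adhoc"
    if team != expected_team:
        return f"team-mismatch:{team}"
    return "ok"


def gatekeeper_enabled(spctl_status_output: str) -> bool:
    """`spctl --status` prints 'assessments enabled' or 'assessments disabled'."""
    return "assessments enabled" in spctl_status_output


def check_bundle(path: str, expected_team: str) -> str:
    """Run the live check on macOS: signature identity first, then a strict
    --verify pass that fails if any sealed resource was altered after signing."""
    if platform.system() != "Darwin":
        raise RuntimeError("codesign and spctl exist only on macOS")
    if not os.path.isdir(path):
        return "missing"
    info = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    status = assess_signature(info.stderr, expected_team)
    if status != "ok":
        return status
    verify = subprocess.run(["codesign", "--verify", "--deep", "--strict", path],
                            capture_output=True, text=True)
    return "ok" if verify.returncode == 0 else "modified:" + verify.stderr.strip()


# Constructed samples modelled on codesign's output format; not captured from a
# real machine. The genuine one carries a Developer ID chain and a Team ID, the
# trojanized one is ad-hoc signed, the third is not signed at all.
GENUINE_SAMPLE = """Executable=/Applications/Exodus.app/Contents/MacOS/Exodus
Identifier=com.electron.exodus
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9072
Authority=Developer ID Application: Example Wallet Vendor (EXAMPLE0EX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE0EX
Runtime Version=13.3.0
"""

TROJANIZED_SAMPLE = """Executable=/Applications/Exodus.app/Contents/MacOS/Exodus
Identifier=com.electron.exodus
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

UNSIGNED_SAMPLE = "/Applications/Exodus.app: code object is not signed at all\n"


if __name__ == "__main__":
    if platform.system() == "Darwin":
        for bundle, team in EXPECTED_TEAM_IDS.items():
            print(bundle, check_bundle(bundle, team))
    else:
        for name, sample in [("genuine", GENUINE_SAMPLE),
                             ("trojanized", TROJANIZED_SAMPLE),
                             ("unsigned", UNSIGNED_SAMPLE)]:
            print(name, assess_signature(sample, "EXAMPLE0EX"))
```

Two caveats apply. A Team ID comparison only catches a bundle re-signed by someone else; the `--verify --deep --strict` pass is what catches an original bundle whose contents were edited in place. And because the backdoor described above holds administrator privileges, a check run on the infected machine could itself be tampered with, so treat a clean result as weak evidence and compare against a known-good install or hash when in doubt.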
To protect against this campaign, users should take a few precautionary measures. First and foremost, download software only from reputable, authorized websites. Resist the temptation to acquire cracked or pirated applications from questionable sources; in this campaign the cracked app is itself the entry point for the malware.
Keeping macOS up to date is equally important. Regular updates ensure that security patches are in place and strengthen the system's defenses against known threats.
The FBI Warns of Tactics for Deploying Increasingly Sophisticated Malware
As a further layer of defense, users are advised to install a reliable security solution on their macOS devices. Such tools can detect and block known malware before it runs rather than relying on the user to notice something is wrong.
Apart from the method discovered by Kaspersky Labs, attackers have used other techniques to compromise wallets and macOS systems. One common tactic is disguising malware as a legitimate wallet app in online app stores or on fake websites. This has become widespread enough that the FBI issued a warning about it.
In a related incident in November, the North Korean Lazarus Group developed malware targeting macOS users in the decentralized finance community. That program circulated through Discord groups, underlining the growing sophistication and variety of threats aimed at the crypto sector. Adopting the precautions above, and any others available, will significantly reduce users' exposure to this campaign and strengthen their overall security posture.