Apple users have been urged to be vigilant as cybersecurity firm Kaspersky reports a verified macOS exploit targeting the latest operating system version.
The exploit is designed to deceive Bitcoin and Exodus wallet users into unwittingly downloading a fraudulent version of the software.
Crypto-Stealing Malware Targets macOS Users
Kaspersky said the malware, distributed through pirated applications, focuses on compromising wallet applications. Unlike typical proxy trojans or remote control software, it stands out in two ways.
First, it utilizes DNS records to deliver a malicious Python script. Second, rather than merely stealing crypto wallets, it replaces a wallet application with its infected version. This allows the malware to steal the secret phrase to access cryptocurrency stored in the compromised wallets.
Our experts review a new #macOS backdoor exploiting cracked software, targeting #Bitcoin & #Exodus wallets. This malicious software replaces the wallets with #malware, deploying a potent backdoor running scripts with admin privileges.
Full report ⇒ https://t.co/eJXIdp9n3b pic.twitter.com/L2cmPMDb8N
— Kaspersky (@kaspersky) January 23, 2024
The malware is tailored to target macOS versions 13.6 and above, irrespective of whether they run on Intel or Apple Silicon devices. Kaspersky emphasizes the unique creativity of the attackers in hiding a Python script within a DNS server’s record, enhancing the malware’s stealth in network traffic.
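One way a defender could look for script delivery over DNS in resolver logs, as an added example that is not taken from the Kaspersky report or this article. It assumes the payload arrives in TXT answers as base64 text and that logs are in a simple "client qname rtype answer" format; the record type, encoding, log format, thresholds and sample lines are all assumptions.

```python
import base64
import math
import re
from collections import Counter, defaultdict

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")  # assumption: payload is base64 text

def entropy(s):
    """Shannon entropy of s, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def find_suspicious_txt(log_text, min_len=100, min_entropy=4.5):
    """Return {(client, qname): total_chars} for TXT answers that look like encoded blobs.

    Thresholds are illustrative assumptions; tune them against your own resolver logs.
    """
    hits = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split(None, 3)  # client, qname, rtype, answer
        if len(parts) != 4 or parts[2] != "TXT":
            continue
        client, qname, _, answer = parts
        if (len(answer) >= min_len and B64_RE.match(answer)
                and entropy(answer) >= min_entropy):
            hits[(client, qname)] += len(answer)
    return dict(hits)

# Constructed sample log (not real traffic). The two blobs are base64 of counting
# bytes, standing in for fragments of an encoded script.
_BLOB_A = base64.b64encode(bytes(range(180))).decode()
_BLOB_B = base64.b64encode(bytes(range(60, 240))).decode()
SAMPLE_LOG = "\n".join([
    "10.0.0.5 example.com TXT v=spf1 include:_spf.example.net ~all",
    "10.0.0.5 example.org TXT site-verification=4f9c2a71b0",
    "10.0.0.6 pad.example.net TXT " + "A" * 200,   # long but zero entropy
    "10.0.0.7 cdn.placeholder.example TXT " + _BLOB_A,
    "10.0.0.7 cdn.placeholder.example TXT " + _BLOB_B,
    "10.0.0.7 example.com A 192.0.2.10",
])

if __name__ == "__main__":
    for (client, qname), size in find_suspicious_txt(SAMPLE_LOG).items():
        print(f"{client} received {size} chars of encoded TXT data from {qname}")
```

Ordinary TXT records such as SPF policies and short verification tokens fail the length or character-set check, so only the host pulling large encoded answers is reported.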
Security researcher Sergey Puzan from Kaspersky has advised users with cryptocurrency wallets to exercise extra caution. Kaspersky suggests users take precautions such as updating their computer’s operating system, installing anti-malware software, and downloading apps only from official stores like the Apple App Store to protect digital investments.
While these measures enhance security, it’s important to note that even hardware wallets are not foolproof. In a separate incident, 16.8 Bitcoin (approximately $587,238) was stolen after a fake Ledger cryptocurrency wallet management app was downloaded from the Microsoft App Store in November.
Crypto Wallets Under Threat
Malware targeting crypto wallets continues to pose a threat, with recent incidents highlighting the vulnerability of users and the potential for financial losses. Since November, over $4 million has been stolen through scams and fake airdrops on the Solana network.
Additionally, hackers linked to North Korea’s Lazarus group reportedly stole over $35 million from users of Atomic Wallet, taking various cryptocurrencies such as USDT, XRP, Cardano, and Dogecoin. Meanwhile, the Kaspersky report has raised concerns, especially for wallet providers like Exodus, Coinbase, and MetaMask, which hackers have targeted in the past.
Exodus Wallet CEO JP Richardson has emphasized the company’s commitment to customer security, conducting comprehensive code audits to identify and mitigate potential threats. Despite these efforts, Richardson recommends users consider using a hardware wallet for an additional layer of security.