Kaspersky is raising the alarm for MacOS users to enhance their digital defenses due to a new strain of malware aimed at versions 13.6 and higher, with a particular focus on cryptocurrency wallet security.
Understanding the Threat
In a recent discovery, Kaspersky’s security experts have identified a form of malware that is not only deceptive but also highly targeted at cryptocurrency wallet users. This malware masquerades as legitimate wallet software for popular cryptocurrencies such as Bitcoin and Exodus, tricking users into downloading a malicious variant.
How It Spreads
Unlike common trojans or remote control software, this new malware proliferates via pirated applications. It exploits the propensity of users seeking cracked apps to disregard safety, thus making them vulnerable to malware installation.
A Novel Delivery Method
The Trojan distinguishes itself by delivering a malicious Python script through DNS records— a technique not observed in prior attacks. This method of concealment within DNS server records makes network traffic detection more challenging.
The Malware’s Mechanism
More than just stealing wallet data, the malware replaces the genuine wallet application with a counterfeit one, thereby providing attackers access to the secret recovery phrases necessary to commandeer the cryptocurrencies within.
Who Is at Risk?
The malware targets users of macOS versions 13.6 and above, showing no preference between Intel or Apple Silicon hardware.
Expert Advice
Sergey Puzan of Kaspersky emphasizes the importance of vigilance with cryptocurrency wallets. He advises downloading applications only from reputable sources such as the Apple App Store, keeping operating systems up to date, and using robust security solutions to mitigate risks.
The Bigger Picture
This malware is part of a worrying increase in cyber-attacks aimed at cryptocurrency assets. Notably, North Korean hackers have been employing elaborate schemes to infiltrate Bitcoin wallets by posing as journalists and government entities.
Recent Incidents
In November 2023, crypto.news reported that North Korean hackers deceived 19 victims, leading to a substantial loss of cryptocurrencies. Additionally, in June 2023, Elliptic Connect reported that the Lazarus group, linked to North Korea, pilfered more than $35 million in various cryptocurrencies from Atomic Wallet users.
English