Cybersecurity experts at Kaspersky have recently identified malware targeting macOS users. This malware, specifically engineered for macOS versions 13.6 and above, poses a significant threat to cryptocurrency wallets.
It employs a unique approach that departs from traditional crypto theft methods: it uses DNS records to deliver a Python script.
The malware targets popular wallets like Bitcoin and Exodus by replacing legitimate wallet applications with infected versions. This strategy enables the theft of secret phrases important for accessing crypto assets.
Furthermore, the Trojan is delivered via compromised disk images containing an activator that poses as a helpful tool. This activator is key in triggering the malicious application, which remains dormant until the unsuspecting user enters their password.
Upon activation, the malware begins its primary operation, persistently downloading further stages of the infection.
This approach compromises the wallet application and strategically uses the executable files. The focus on newer macOS versions highlights the attackers’ deliberate targeting of users with up-to-date operating systems.
To combat this threat, Kaspersky advises users to download applications from official sources, which undergo more rigorous scanning.
Additionally, implementing trusted security solutions, updating operating systems and applications, securing seed phrases, and using strong passwords are important in safeguarding crypto assets against such Trojans.