Hackers target macOS users through pirated apps that steal crypto

Security analysts have warned crypto traders using macOS to exercise caution when downloading bootleg apps, as newly discovered malware steals their bags.

On Monday, Kaspersky published its report detailing how bad actors are spreading infected copies of popular software that trick traders into opening infected versions of their crypto wallets. An Apple device running macOS Ventura 13.6 or later is at risk.

The report outlines how an ‘Activator’ program, added to the files of pirated apps, forces the installation and launch of malware that gives hackers access to the device.

“Once the malware installs itself, it’ll begin checking for the presence of Bitcoin and Exodus cryptocurrency wallets,” Kaspersky said. “If found, the malware will then secretly replace the wallet with its own infected version to loot the user’s digital currency.”

‘Activator’ requests the user’s login credentials so that the app can gain admin privileges and install itself (via Kaspersky).


The investigation revealed that the hackers altered only a few bytes of code of pirated software to pull it off. The script contained two functions which checked if the device had a crypto wallet: check_exodus_and_hash() and check_btccore_and_hash().

If so, it would update their apps with infected versions. “The malicious actors had infected Exodus by embedding their brainchild right at the beginning of the application: the file main/index.js, which was the first to start when the application was launched,” the report said.

Kaspersky notes the scheme appears to be a work in progress, and hackers may be updating the code frequently. macOS users have been cautioned to download software from reputable sources.
