Kaspersky Alerts: New MacOS Malware Targets Crypto Wallets

• MacOS malware targets crypto wallets (13.6+).
• Innovative tactic: DNS for stealth.
• User caution: Trust sources, update OS, use strong security.

Kaspersky has raised concerns about a newly discovered malware targeting MacOS versions 13.6 and higher. This malicious software is designed to specifically exploit cryptocurrency wallets, posing a significant threat to users who engage in Bitcoin and Exodus transactions.

Unlike typical cyber threats, this malware deviates from the conventional use of proxy trojans or remote control software. Instead, it capitalizes on users seeking cracked applications by distributing itself through pirated applications. Kaspersky emphasizes that cybercriminals exploit the willingness of individuals to download installers from questionable websites and disable security measures on their machines.

The distinguishing feature of this malware is its utilization of DNS records to deliver a malicious Python script, a method previously unseen in similar attacks. Notably, the malware doesn’t merely steal data from crypto wallets; it replaces the authentic wallet application with a counterfeit version. This enables attackers to gain access to the secret phrases necessary for accessing the cryptocurrencies stored in these wallets.

Sergey Puzan, a security researcher at Kaspersky, highlights the innovation in hiding a Python script within a DNS server’s record, making the malware harder to detect in network traffic. To mitigate the risk, users are advised to exercise extreme caution with their cryptocurrency wallets. Kaspersky recommends downloading wallet applications only from trusted sources like the Apple App Store, keeping operating systems updated, and employing robust security solutions.

This threat is part of a broader trend of increasing cyber-attacks targeting cryptocurrency users. Notably, North Korean hackers have been employing sophisticated tactics, including impersonating journalists and government agencies, to gain unauthorized access to Bitcoin wallets. In a separate incident, these hackers deceived 19 victims, resulting in a substantial theft of cryptocurrencies.

In June of the same year, the Lazarus group, linked to North Korea, reportedly stole over $35 million in various cryptocurrencies from users of Atomic Wallet. This underscores the growing challenges faced by cryptocurrency users, emphasizing the need for heightened vigilance and robust security practices in the face of evolving cyber threats.