New macOS Malware Targets Cryptocurrency Wallets Through Pirated Software

Security researchers have identified a new strain of macOS malware leveraging pirated software to pilfer cryptocurrency. Kaspersky, an antivirus provider, uncovered the malware embedded in "cracked" software applications distributed on the internet. The malicious code is delivered through an "Activator" program, which is intended to install and launch pirated software. The Activator prompts users for their macOS system password to make changes, providing an opportunity for the malware to covertly install itself. This malware can spy on the Mac and receive commands from a remote server.

Kaspersky's investigation revealed that the malware targets users running macOS Ventura 13.6 and later, on both Intel and Apple silicon machines, indicating a focus on newer operating system versions. The malware's creator took pre-compromised versions of pirated software and modified a few bytes of their code, disabling them and forcing users to launch the Activator. In one instance, the hacker packaged the malware into a pirated version of xScope, a paid macOS utility.

Once installed, the malware searches for Bitcoin and Exodus cryptocurrency wallets. If found, it secretly replaces the wallet with a compromised version to steal the user's digital currency. This discovery follows recent instances of hackers exploiting pirated software to distribute various types of macOS malware, emphasizing the need for users to exercise caution when downloading unofficial or unauthorized software.

Kaspersky warns users against downloading cracked applications, as they serve as easy entry points for malicious actors. The strategy often involves requesting the user's password during installation, a step that might not raise suspicions among users but allows the malware to escalate its privileges. The report highlights the ongoing threat landscape faced by macOS users and the importance of adopting secure practices when obtaining and installing software.


