Hackers target digital asset users with cracked apps on macOS

Hackers are using cracked software to target macOS users, after which they break into their digital asset wallets and wipe them clean, a new report has revealed.

The report by Russian cybersecurity firm Kaspersky notes that these criminals are repackaging pre-cracked apps and embedding Trojan files that initiate the infection once installed by the unsuspecting user.

Our experts review a new #macOS backdoor exploiting cracked software, targeting #Bitcoin & #Exodus wallets. This malicious software replaces the wallets with #malware, deploying a potent backdoor running scripts with admin privileges.

Full report ⇒ https://t.co/eJXIdp9n3b pic.twitter.com/L2cmPMDb8N

— Kaspersky (@kaspersky) January 23, 2024

Kaspersky first discovered the new malware campaign in December, cautioning macOS users that saving a few dollars by installing cracked software could prove costly. In its latest report, the company says that the attackers have repackaged this malware and are targeting users of macOS Ventura 13.6 and later.

Once the victim downloads the illegal software, the malware launches a program named “Activator” that prompts the user to key in their computer password. Armed with administrator privileges, the malware downloads a payload and a Python script that executes any command it receives from the hackers’ servers.

The ultimate target of the script is to scan the computer for a digital asset wallet and then replace it with a mirror app downloaded from apple-analyser[.]com. In particular, the attackers targeted users of the Exodus wallet.

Following the Kaspersky report, Exodus urged its users to beware of attackers using social engineering techniques to obtain the victims’ credentials.

Hey, all! We want to talk about some scams that have been on the rise recently, how to recognize them, and what to do if you're targeted.

Social engineering is the new hotness in the world of scams. An attacker may approach the victim, build trust with them, and offer a trade or…

— Exodus (@exodus_io) January 22, 2024

“The internet is dark and full of terrors. Scammers are always looking for their next victim. In the world of crypto, as in life, if it sounds too good to be true, it probably is,” the wallet stated.

Kaspersky urged macOS users to only download legitimate applications from trusted websites and keep their operating systems up to date to ward off such attacks.

“Users should be extra cautious, especially with their cryptocurrency wallets. Avoid downloading from suspicious sites and use trusted cybersecurity solutions for better protection,” advises Kaspersky security researcher Sergey Puzan.

Digital asset owners continue to be one of the most targeted groups by cybercriminals. According to Scam Sniffer, a real-time Web3 scam updates platform, one phishing campaign siphoned over $80 million from over 100,000 victims over the past year.

Watch: Cybersecurity fundamentals in today’s digital age with AI & Web3