Haider Jamal

Jan 24, 2024

Advanced Malware Attack Targets MacBook Users And Popular Crypto Wallets

Kaspersky Lab recently uncovered a sophisticated malware attack on MacBook users in the crypto realm. Cybercriminals repackaged cracked applications as PKG files, the installer format used on macOS, and distributed them through pirated software channels. Users unknowingly triggered the infection process by entering their password into a seemingly harmless application named Activator, which granted it administrative privileges.

The Context

The malware, after examining the system, communicated with a command-and-control server, concealing its activities within DNS server traffic. It executed arbitrary commands received as Base64-encoded Python scripts, extracting sensitive information from the compromised system. Although the C2 server was unresponsive during analysis, continued updates to the scripts indicated that the malware operators were still actively developing it.

It is worth mentioning that the infected sample established communication with a C2 server by generating a unique Uniform Resource Locator (URL) from a combination of hardcoded words and a random third-level domain name. This method allowed the malware to hide its activities within normal DNS server traffic while still retrieving the payload.

Malware Is To Blame

Notably, the malware targeted popular crypto wallets like Exodus and Bitcoin-Qt, replacing them with infected versions to steal wallet information. Kaspersky highlighted the persistent threat of cracked applications being used to compromise numerous computers, exploiting the trust users place in software during installation. The innovative techniques used by the malware, such as storing the Python script in a DNS TXT record, were also underscored.

Additionally, the malware featured functionality specifically targeting the aforementioned crypto wallet applications. When these applications were identified on the infected system, the malware sought to replace them with infected versions downloaded from a separate host. These compromised crypto wallets included mechanisms to steal wallet unlock passwords and secret recovery phrases from unsuspecting users.
