
Advanced Malware Attack Targets Macbook Users And Popular Crypto Wallets

Kaspersky Lab recently uncovered a sophisticated malware attack on Macbook users in the crypto realm. Cybercriminals repackaged cracked applications as PKG installer files, the package format commonly used on Macbook devices, and distributed them through pirated software channels. Users unknowingly triggered the infection process, granting administrative privileges by entering a password into a seemingly harmless application named Activator.

The Context

After examining the system, the malware communicated with a command-and-control (C2) server, concealing its activities within DNS server traffic. It executed arbitrary commands received as Base64-encoded Python scripts, extracting sensitive information from the compromised system. Although the C2 server was unresponsive during analysis, ongoing script updates indicated continued development by the malware operators. It is worth mentioning that the infected sample established communication with the C2 server by generating a unique Uniform Resource Locator (URL) from a combination of hardcoded words and a random third-level domain name. This method allowed the malware to hide its activities within normal DNS server traffic and ensured the payload download.

Malware Is To Blame

Notably, the malware targeted popular crypto wallets like Exodus and Bitcoin-Qt, replacing them with infected versions to steal wallet information. Kaspersky highlighted the persistent threat of distributing cracked applications to compromise numerous computers, exploiting the trust users place in software during installation. The innovative techniques used by the malware, such as storing the Python script in a TXT record on a DNS server, were also underscored. Additionally, the malware featured functionality specifically targeting the aforementioned crypto wallet applications: when these applications were identified on the infected system, the malware sought to replace them with infected versions sourced from a distinct host.
These compromised crypto wallets included mechanisms to steal wallet unlock passwords and secret recovery phrases from unsuspecting users.
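The C2 technique described above, a Base64-encoded script stored in a DNS TXT record and fetched under a random-looking subdomain, leaves traces in DNS resolver logs. The following is an added detection example written for this article; it is not code from Kaspersky or from the malware analysis. The log format, the field names, the entropy and length thresholds, and the sample log lines are all constructed assumptions: the script parses a few made-up resolver log lines, flags TXT answers whose data is strict Base64 decoding to script-like text, and separately flags leftmost labels that look randomly generated.

```python
import base64
import binascii
import math
import re

# Keywords that suggest decoded TXT data is executable script rather than ordinary record data.
SCRIPT_PATTERN = re.compile(r"\b(import|exec|eval|subprocess|os\.system|__import__)\b")

# Constructed stand-in for a Base64-encoded script carried in a TXT record (not a real payload).
_FAKE_SCRIPT = b"import os\nimport subprocess\nprint(os.getcwd())\n"
_FAKE_B64 = base64.b64encode(_FAKE_SCRIPT).decode()

# Constructed sample resolver log lines (assumed format, not from the report). Fields:
# timestamp client qtype qname rdata, where rdata is "-" when no answer data was logged.
SAMPLE_LOG = f"""\
2024-01-20T10:00:01 10.0.0.5 A updates.example.com -
2024-01-20T10:00:02 10.0.0.5 TXT example.com "v=spf1 include:_spf.example.com -all"
2024-01-20T10:00:03 10.0.0.5 TXT q7xk3p9fvz.zone.example.test "{_FAKE_B64}"
2024-01-20T10:00:04 10.0.0.5 TXT _dmarc.example.com "v=DMARC1; p=reject"
"""


def parse_line(line):
    """Split one log line into its five fields; returns None for blank or malformed lines."""
    parts = line.strip().split(" ", 4)
    if len(parts) != 5:
        return None
    ts, client, qtype, qname, rdata = parts
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.lower(), "rdata": rdata.strip('"')}


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def random_looking_label(qname):
    """Heuristic (assumed thresholds): the leftmost label is long, mixes letters and digits,
    and has high entropy, which is typical of generated third-level names."""
    label = qname.split(".")[0]
    return (len(label) >= 8
            and any(c.isdigit() for c in label)
            and any(c.isalpha() for c in label)
            and shannon_entropy(label) >= 3.0)


def decoded_script(rdata):
    """Return the decoded text if rdata is strict Base64 that decodes to printable,
    script-like text; otherwise return None. SPF/DMARC-style records fail strict decoding."""
    if len(rdata) < 16:
        return None
    try:
        text = base64.b64decode(rdata, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    if not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return None
    return text if SCRIPT_PATTERN.search(text) else None


def scan(log_text):
    """Return (qname, reasons) for every TXT answer that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qtype"] != "TXT":
            continue
        reasons = []
        if random_looking_label(rec["qname"]):
            reasons.append("random-looking leftmost label")
        if decoded_script(rec["rdata"]) is not None:
            reasons.append("TXT payload is Base64-encoded script-like text")
        if reasons:
            findings.append((rec["qname"], reasons))
    return findings


if __name__ == "__main__":
    for qname, reasons in scan(SAMPLE_LOG):
        print(f"{qname}: {'; '.join(reasons)}")
```

The two heuristics are deliberately independent: a TXT lookup under a generated subdomain is suspicious on its own, and a TXT answer that strictly decodes to text containing `import` or `subprocess` is suspicious regardless of the name, so either alone produces a finding while legitimate SPF and DMARC records trigger neither.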


Haider Jamal

Content Strategist

Haider is a fintech enthusiast and Content Strategist at CryptoWeekly with over four years in the Crypto & Blockchain industry. He began his writing journey with a blog after graduating from Monash University Malaysia. Passionate about storytelling and content creation, he blends creativity with insight. Haider is driven to grow professionally while always seeking the next big idea.
