MacOS: The gateway to stealthy cryptocurrency theft

Published January 27th, 2024 - 12:21 GMT
Finger pressing a block chain block with the text transaction (Shutterstock)

ALBAWABA - In a startling revelation, a novel type of macOS malware has been identified, clandestinely distributed through unconventional pirate applications. This malicious software family has a unique objective – the covert theft of cryptocurrencies stored in the digital wallets of macOS users.

The recently uncovered Trojan boasts distinctive traits, utilizing DNS records for executing a malicious Python script. However, its ingenuity doesn't stop at cryptocurrency theft; it goes further by replacing the legitimate wallet application with its infected counterpart. This cunning maneuver results in the pilfering of the secret passphrase crucial for accessing the cryptocurrency holdings within the wallets.

This malware specifically targets macOS versions 13.6 and above, impacting devices with both Intel and Apple Silicon architecture. Notably, it seems to focus on users employing the latest operating system versions. The compromised disk images contain an activator alongside the targeted application. The seemingly innocuous activator comes to life when the user enters their password, activating the compromised application without their knowledge.

Attackers modify the application's executable files in advance, shipping pre-compromised versions of the application. These remain non-functional until the user unwittingly runs the activator, which is the step that breaches the device's security.

After a recent patch, the malware fetches its primary payload by requesting a DNS TXT record for a malicious domain and decrypting the Python script carried in that record. The script then attempts to download the next stage of the infection chain, yet another Python script.
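The TXT-record delivery described above leaves a trace that a defender can look for in resolver logs: a TXT answer that is unusually long, consists only of base64 characters, has high entropy, and decodes to something that looks like source code. The check below is an added example, not code from the article or from the researchers it summarizes. It assumes a hypothetical resolver log layout of `<time> <client> <qname> <qtype> <rdata>`; the domain names, addresses and the encoded script in the sample are constructed for this example and are not indicators from the real campaign.

```python
"""Flag DNS TXT answers that look like encoded script payloads.

Added defender-side example. The log format and every sample value below
are constructed; nothing here is taken from the real malware campaign.
"""
import base64
import math
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed stand-in for a second-stage script (harmless, not real malware).
FAKE_SCRIPT = b"""# constructed stand-in for a second-stage script (not real malware)
import os
import sys

def main():
    home = os.environ.get("HOME", "")
    sys.stdout.write(str(len(home)))

main()
"""
ENCODED_PAYLOAD = base64.b64encode(FAKE_SCRIPT).decode("ascii")

# Hypothetical resolver log: <time> <client> <qname> <qtype> <rdata>.
# Three benign-looking answers plus one constructed payload-bearing TXT record.
SAMPLE_LOG = "\n".join([
    "2024-01-27T12:00:01Z 10.0.0.5 example.com TXT v=spf1 include:_spf.example.com ~all",
    "2024-01-27T12:00:02Z 10.0.0.5 example.com TXT google-site-verification=AbCdEfGh0123456789",
    f"2024-01-27T12:00:03Z 10.0.0.5 payload.example.invalid TXT {ENCODED_PAYLOAD}",
    "2024-01-27T12:00:04Z 10.0.0.7 mail.example.org A 192.0.2.10",
])

BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
MIN_SUSPECT_LEN = 120   # SPF, DKIM and verification tokens are usually far shorter
MIN_ENTROPY = 3.0       # bits per character; base64-encoded source typically lands at 4-5
SCRIPT_MARKERS = (b"import ", b"def ", b"exec(", b"eval(", b"subprocess")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into fields; rdata keeps any embedded spaces."""
    parts = line.split(maxsplit=4)
    if len(parts) < 5:
        return None
    ts, client, qname, qtype, rdata = parts
    return {"ts": ts, "client": client, "qname": qname, "qtype": qtype, "rdata": rdata}


def decoded_script_markers(rdata: str) -> List[str]:
    """Return the source-code markers found after strict base64 decoding."""
    try:
        blob = base64.b64decode(rdata, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return []
    return [m.decode("ascii") for m in SCRIPT_MARKERS if m in blob]


def assess_txt(rdata: str) -> List[str]:
    """Reasons a TXT answer looks like an encoded payload; empty list means benign."""
    reasons: List[str] = []
    if len(rdata) >= MIN_SUSPECT_LEN:
        reasons.append("long-record")
    if BASE64_RE.match(rdata):
        reasons.append("base64-charset")
    if shannon_entropy(rdata) >= MIN_ENTROPY:
        reasons.append("high-entropy")
    markers = decoded_script_markers(rdata)
    if markers:
        reasons.append("decodes-to-script:" + ",".join(markers))
    # Length, charset and entropy must all agree before we alert.
    core = {"long-record", "base64-charset", "high-entropy"}
    return reasons if core.issubset(reasons) else []


def flag_suspicious_txt(log_text: str) -> List[Dict[str, object]]:
    """Run the check over a whole log and return one finding per suspicious answer."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qtype"] != "TXT":
            continue
        reasons = assess_txt(rec["rdata"])
        if reasons:
            findings.append({"ts": rec["ts"], "client": rec["client"],
                             "qname": rec["qname"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_txt(SAMPLE_LOG):
        print(f"{f['ts']} {f['client']} -> {f['qname']}: {'; '.join(f['reasons'])}")
```

The three core signals are required together so that a lone long SPF record or a short random-looking verification token does not alert; the decoded-marker signal is reported as extra context rather than required, since a real payload may be encrypted rather than plainly base64-encoded, as the article's wording suggests. Thresholds are starting points to tune against the TXT-length distribution seen in your own resolver logs. Note that clients using encrypted DNS bypass resolver logging entirely, so endpoint DNS telemetry is needed to cover that case.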

Ongoing research suggests that the campaign is actively evolving: although no commands were received during the investigation, the backdoor is being updated regularly. A closer examination of the code reveals that the commands it is built to handle are likely encoded Python scripts.

This unexpected and sophisticated threat underscores the ever-evolving landscape of cybersecurity challenges facing macOS users, emphasizing the need for heightened vigilance and security measures.
