Experts at Kaspersky Lab have discovered malware for macOS capable of replacing cryptocurrency wallets installed on the system with compromised versions.
The malicious software is distributed alongside pirated software. Once on the victim’s device, the file runs with administrator privileges and can execute any commands received from a control server.
The malware scans the system for Exodus and Bitcoin Core wallets. Once they are replaced, the compromised versions of these applications steal the passwords and keys that give full access to balances.
Additionally, the attackers obtain the victim’s operating system characteristics, user information, a list of installed applications, and the device’s external IP address.
Researchers noted that the malicious campaign targets macOS 13.6 and above. However, it is still in the development stage.
Earlier, analysts at Doctor Web reported on two increasingly popular trojans, hidden within pirated software, that covertly mine cryptocurrency. In a month and a half, one of the malicious programs infected over 40,000 systems.
