Dangerous Trojan Code for Bitcoin Wallets Released Publicly

Numerous popular cryptocurrency wallets are at risk following the public release of the macOS Stealer Trojan code, which is designed to steal assets. This was highlighted by a researcher from SlowMist.

?未来加密货币参与者将面临更为严峻的盗窃木马威胁
近日，知名的加密货币盗窃木马 MacOS Stealer 被突然开源。此前，其攻击源码以 1 BTC…

— 23pds (山哥) (@im23pds) December 16, 2024

According to the expert, the malware was previously sold for 1 BTC, but it is now free and can be used by a larger number of malicious actors. Additionally, they can enhance the code, creating more covert and sophisticated attack methods.

The Stealer Trojan disguises itself as job offers, verification bots, and other software. Once launched, it steals system information, credentials, and wallet private keys.

Most cryptocurrency applications are vulnerable to the malware, including Atomic Wallet, Binance Wallet, BitKeep, Coinbase Wallet, Exodus, MetaMask, MyEtherWallet, Phantom, Trezor, Trust Wallet, and others.

针对攻击的各种插件、钱包： pic.twitter.com/VITxSIIaRs

— 23pds (山哥) (@im23pds) December 16, 2024

The code contains comments in Russian, leading the expert to conclude that it was developed in Russia or Eastern Europe.

Back in September, analysts from Sophos X-Ops reported that over 50% of attacks on macOS in the first half of the year were attributed to a single crypto stealer — Atomic macOS Stealer.