Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
Home»BITCOIN NEWS»Cybersecurity firm warns Macbook Crypto users targeted by advanced malware attack
BITCOIN NEWS

Cybersecurity firm warns Macbook Crypto users targeted by advanced malware attack

By Crypto FlexsJanuary 24, 20243 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Cybersecurity firm warns Macbook Crypto users targeted by advanced malware attack
Share
Facebook Twitter LinkedIn Pinterest Email

The widespread adoption of cryptocurrencies in the fast-growing cryptocurrency industry is attracting not only legitimate users but also cybercriminals. exploit the vulnerability.

Recent research from cybersecurity firm Kaspersky has uncovered sophisticated malware attacks targeting Macbook users in the cryptocurrency space.

Collect sensitive data from infected Mac systems

Kaspersky Lab Expert discovery The attackers repackaged the pre-cracked application into a package (PKG) file (a type of file format commonly used on Macbooks) and included a Trojan proxy and post-installation script.

Applications containing malicious code were primarily distributed through pirated software channels. When a user attempts to install a cracked application, the infection process begins without their knowledge.

to fool the userThe infected installation package displayed a window with installation instructions, telling it to copy applications to the /Applications/ directory and launch an application called “Activator”.

Activation window and password form targeted at crypto users. Source: Kaspersky

Although it may seem simple at first glance, Activator effectively gave the malware administrator privileges by prompting the user to enter a password.

When executed, the malware checked to see if there was a copy of the programming language installed on the system. python 3 If it wasn’t there, I installed the Python 3 version I copied earlier from my Macbook operating system directory.

The malware then “patched” the downloaded apps by comparing the modified executable to sequences hardcoded inside the Activator. If a match is found, the malware removes the initial bytes, making it appear to the user that the application has been cracked and is working properly. However, as the malware launched its main payload, the attacker’s true intentions were revealed.

Infected samples established communication with a command and control (C2) server by generating a unique Uniform Resource Locator (URL), or web address, through a combination of hardcoded words and a random three-level domain name.

This method allowed the malware to hide its activities within legitimate DNS server traffic and ensure payload download.

that much decrypted script Information obtained from C2 servers, which are remote servers or infrastructure used by cybercriminals to control and manage malware or botnet operations, revealed that the malware operates by executing arbitrary commands received from the server. These commands were often passed as Base64-encoded Python scripts.

The malware also collected sensitive information from the infected system, including operating system version, user directory, list of installed applications, CPU type, and external IP address. The collected data was sent back to the server.

Malware campaign targets cryptocurrency wallet applications

While analyzing the malware campaign, Kaspersky discovered that the C2 server did not return any commands during the investigation and eventually stopped responding.

However, a subsequent attempt to download the Step 3 Python script uncovered an update to the script. metadataThis represents continuous development and adaptation by malware operators.

The malware also included the ability to target popular cryptocurrency wallet applications, including Exodus and Bitcoin-Qt.

When these applications were detected on an infected system, the malware attempted to replace them with infected versions obtained from another host, apple-analyzer (.)com.

Infected cryptocurrency wallets contain mechanisms to steal wallet unlock passwords and secret recovery phrases from unsuspecting users.

The cybersecurity company emphasized that malicious actors continue to distribute cracked applications. To access your computer.

An attacker can easily escalate privileges by abusing user trust during software installation by prompting the user for a password. Kaspersky also highlighted the techniques used by the malware campaign, including storing Python scripts within domain TXT records on DNS servers, demonstrating the attackers’ “ingenuity”.

cryptocurrency
On the daily chart, the overall cryptocurrency market cap fell below $1.5 trillion. Source: TOTAL on TradingView.com

Featured image from Shutterstock, chart from TradingView.com

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Is it really possible to sell Memecoins?

July 29, 2025

Big Bob Slot -Self -There fish, bite wins!

July 23, 2025

The strategy has hit the highest market cap since the Rally Bitcoin rally.

July 17, 2025
Add A Comment

Comments are closed.

Recent Posts

VFAT Farm Strategy Audit Summary

July 31, 2025

ETH Meme Coin Pepeto Ends Stage 6 With $5.770.000 Raised In Presale

July 31, 2025

PowerBank And Intellistake Announce Strategic Alliance To Pioneer Digital Currencies, Including Bitcoin Treasury Integration And RWA Tokenization

July 31, 2025

Strategic Ettterim Protection Zone surpasses $ 10 billion as institutional interests increase.

July 31, 2025

Tethers we target the Stablecoin market and quote the path of genius behavior.

July 31, 2025

Pepescape Crypto Presale Raises $1M As Ethereum Eyes $6K, Community-Owned Exchange Gigacex Unveiled

July 30, 2025

Midl Secures $2.4M Seed Investment From Draper Associates And Draper Dragon To Pioneer Native DApp Infrastructure On Bitcoin

July 30, 2025

LayerBTC starts $ LBTC ICO to power the new Bitcoin Layer 2 for Apps and Defi.

July 30, 2025

Asia Morning Briefing: SEC’s in -kind BTC, ETH ETF reduction shift occurred in Hong Kong a few years ago.

July 30, 2025

XRP Open Interests decrease by $ 2.4B after recent sale

July 30, 2025

Is it really possible to sell Memecoins?

July 29, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

VFAT Farm Strategy Audit Summary

July 31, 2025

ETH Meme Coin Pepeto Ends Stage 6 With $5.770.000 Raised In Presale

July 31, 2025

PowerBank And Intellistake Announce Strategic Alliance To Pioneer Digital Currencies, Including Bitcoin Treasury Integration And RWA Tokenization

July 31, 2025
Most Popular

How Ethereum Founder Vitalik Buterin Keeps Cryptocurrency Safe

May 1, 2024

BNB Greenfield Ural hard fork will improve user experience and storage provider performance

March 7, 2024

Floki announces major advertising campaign for 2024-25 English Premier League Valhalla

August 13, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.