Hackers use pirated software to hijack Mac, Android, and Windows devices

Trading in cryptocurrency? You might be sitting on a pretty penny in that digital wallet of yours. Feels great, doesn’t it? But here’s the catch with digital currency: keeping it secure isn’t a walk in the park.

Hackers are out there, working overtime to come up with new tricks to swipe your crypto, potentially emptying your wallet in one fell swoop. Yep, for these cyber thieves, your digital cash is the ultimate prize. And the worst part? Most of the time, you won’t even realize you’ve been hit until your balance is zero.

Case in point: there’s this fresh malware out there, specifically targeting macOS, Android, and Windows devices. It sneaks in through pirated software, hunting for your cryptocurrency to make it its own. Here’s how it works.

What is the new malware targeting cryptocurrency users?

The cybersecurity company Kaspersky has uncovered a sophisticated new malware campaign designed to pilfer cryptocurrency from users’ wallets. This campaign leverages pirated or improperly licensed software as a vector for infection, exploiting the common practice of seeking out ‘free’ versions of paid software online.

These cracked applications, distributed through unauthorized websites, are embedded with a Trojan-Proxy type of malware. This malware is not limited to just macOS users, as recent findings have shown; variants targeting Android and Windows platforms have also been discovered, connecting to the same Command and Control (C&C) server. These variants, like their macOS counterparts, are concealed within cracked software, illustrating the widespread risk across different operating systems.

Once the malware is downloaded into your device, it’ll immediately start checking for Bitcoin and Exodus cryptocurrency wallets. If it discovers either one (which is very unfortunate for some users who have both), the malware replaces the wallet and infects it with another version that’s able to steal the cryptocurrency. For some people, this could amount to thousands of dollars. And, it’s all because you unintentionally downloaded the malware to your macOS, Android, and Windows devices.

MORE: HOW CROOKS ARE USING SKIMMERS AND SHIMMERS TO STEAL YOUR MONEY AT YOUR ATM MACHINE

 

How does this malware get on your device?

Kaspersky reported that this new malware is coming through cracked software applications online. A cracked software has broken protection, thus making it easier for hackers to infiltrate it with code. With this, the malware’s creator took pre-compromised versions of the pirated software — one example being xScope, a paid macOS utility — and altered a few bytes of code to get the job done.

Then, in February, security firm Jamf found another cryptocurrency-focused macOS malware circulating through a pirated version of Apple’s Final Cut Pro software.

This malware can be used by attackers to gain money or perform criminal activities using your device. It is distributed as .PKG installers, which contain scripts that execute after installation, altering system files and setting up the malware to run as a system process.

 

What 37 pirated applications are being loaded with this malware?

The pirated applications are versions of software that have been modified to remove or disable features that are only available in paid versions, such as license verification. These applications are often distributed illegally and without the consent of the software creator. These are identified as being loaded with this Trojan-Proxy malware:

  • 4K Image Compressor
  • 4K Video Downloader Pro v4.24.3 macOS
  • Aiseesoft Mac Data Recovery
  • Aiseesoft Mac Video Converter Ultimate
  • Allavsoft
  • AnyMP4 Android Data Recovery for Mac
  • AweCleaner
  • Downie 4
  • FonePaw Data Recovery
  • INet Network Scanner
  • MacDroid
  • MacX Video Converter Pro
  • MouseBoost Pro
  • MWeb Pro
  • NetShred X
  • NetWorker Pro
  • Path Finder
  • Patternodes
  • Perfectly Clear Workbench
  • Print to PDF
  • Project Office X
  • Rocket Typist
  • Sketch
  • SponsorBlock
  • SystemToolkit
  • TransData
  • Vellum
  • VideoDuke
  • Wondershare UniConverter 13
  • SQLPro Studio
  • WinX HD Video Converter for Mac
  • Artstudio Pro
  • Magic Sort List
  • FoneLab Mac Data Retriever
  • Apeaksoft Video Converter Ultimate for Mac

Furthermore, the malware campaign extends beyond macOS, as shown by the fact that Android and Windows platforms are also being targeted by malware that communicates with the same command and control server. The applications or files identified for these platforms are:

  • Android: s276.apk, Swipis_v2.6.1[Mobile].apk
  • Windows: wsclient.exe

The lesson is to avoid downloading pirated software from unauthorized sources to protect yourself from such malware infections.

MORE: STEALTHY BACKDOOR MAC MALWARE THAT CAN WIPE OUT YOUR FILES

 

The deceptive ‘Activator’ app and its cryptocurrency heist

When you download one of these apps, it launches “Activator”, which prompts you to put in your device’s username and password to install and launch the software, when you think you’re installing an app.

When this happens successfully, (or, rather — unsuccessfully to you), the hacker can spy on your device and receive commands from their server. This is when the hacker executes their dirty work: searching for cryptocurrency wallets, replacing them, and looting your dough.

MORE: BEWARE OF FAKE BROWSER UPDATES ON YOUR MAC

 

Another note that Kaspersky mentioned for this particular malware has been targeting users with the macOS Ventura 13.6, which was just released in September 2023. We don’t know for sure, but this seems to suggest that if you’re not running that, then you might be safe from this hack, this time.

Of course, if you also don’t have cryptocurrency, you’re probably okay, too. However, this unique type of malware that uses pirated software to get on your device is not all that new. Hackers have used this method of exploiting pirated software before, and they’ll do it again.

 

So, how can you keep yourself safe?

Remember, for the hacker to get the malware on your device, you have to download it. This is done by clicking on a link or a file that’s generally suspicious, but not always. In the case of this threat, hackers understand that cryptocurrency users are probably more tech-savvy than the average person, and are therefore more attuned to hacks that are out there. Because of this, hackers have to find ways to trick you into downloading the malware in the first place. So here are 5 things you can do to protect yourself.

1) Don’t download bootleg software:

2) Don’t click on suspicious links or files: If you encounter a link that looks suspicious, misspelled, or unfamiliar, avoid clicking on it. Instead, consider going directly to the company’s website by manually typing in the web address or searching for it in a trusted search engine. Typically, the first or second result that appears is legitimate.

3) Update your device with software regularly: Regularly updating your device’s software is crucial for security because it ensures that you receive the latest patches, bug fixes, and security enhancements. These updates help protect your device from vulnerabilities and potential threats that could be exploited by malicious actors.

4) Consider storing your cryptocurrency wallet in an external hard drive: If you do have cryptocurrency, you can always consider storing your wallet in an external hard drive. This storage method means that it’s safe from hackers on the internet.

5) Have good antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package. 

Best Antivirus Protection 2024

 

Kurt’s key takeaways

It’s a scary threat that could cost you a lot of money if you’re not careful. But you can protect yourself by following the steps above, so you can enjoy your cryptocurrency without worrying about losing it to hackers.

Do you believe government regulations should play a stronger role in protecting crypto users? Let us know in the comments below. 

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Free email services are costing you more than you think

Cheap Black Friday deals cost to your privacy

6 apps to save you money during the holidays

1 comment

Jim Peiffer March 28, 2024 - 11:02 am
Government IS the main problem! If government just got out of the way and let private enterpise do it's job, private enterprise could and would fix every evil hacker and enabler very quickly and PERMENATLEY!
Add Comment