Trading in cryptocurrency? You might be sitting on a pretty penny in that digital wallet of yours. Feels great, doesn’t it? But here’s the catch with digital currency: keeping it secure isn’t a walk in the park.
Hackers are out there, working overtime to come up with new tricks to swipe your crypto, potentially emptying your wallet in one fell swoop. Yep, for these cyber thieves, your digital cash is the ultimate prize. And the worst part? Most of the time, you won’t even realize you’ve been hit until your balance is zero.
Case in point: there’s this fresh malware out there, specifically targeting macOS, Android, and Windows devices. It sneaks in through pirated software, hunting for your cryptocurrency to make it its own. Here’s how it works.
What is the new malware targeting cryptocurrency users?
The cybersecurity company Kaspersky has uncovered a sophisticated new malware campaign designed to pilfer cryptocurrency from users’ wallets. This campaign leverages pirated or improperly licensed software as a vector for infection, exploiting the common practice of seeking out ‘free’ versions of paid software online.
These cracked applications, distributed through unauthorized websites, are embedded with a Trojan-Proxy type of malware. This malware is not limited to just macOS users, as recent findings have shown; variants targeting Android and Windows platforms have also been discovered, connecting to the same Command and Control (C&C) server. These variants, like their macOS counterparts, are concealed within cracked software, illustrating the widespread risk across different operating systems.
Once the malware is on your device, it immediately checks for Bitcoin and Exodus cryptocurrency wallets. If it finds either one (bad luck for users who have both), it replaces the wallet with an infected version that is able to steal the cryptocurrency. For some people, this could amount to thousands of dollars, all because you unknowingly downloaded the malware to your macOS, Android, or Windows device.
How does this malware get on your device?
Kaspersky reported that this new malware is arriving through cracked software applications found online. Cracked software has had its copy protection broken, which makes it easier for hackers to slip their own code into it. In this case, the malware’s creator took already-compromised versions of the pirated software, one example being xScope, a paid macOS utility, and altered a few bytes of code to get the job done.
Then, in February, security firm Jamf found another cryptocurrency-focused macOS malware circulating through a pirated version of Apple’s Final Cut Pro software.
This malware can be used by attackers to gain money or perform criminal activities using your device. It is distributed as .PKG installers, which contain scripts that execute after installation, altering system files and setting up the malware to run as a system process.
What 37 pirated applications are being loaded with this malware?
The pirated applications are versions of software that have been modified to remove or disable features reserved for paid versions, such as license verification. These applications are usually distributed illegally and without the consent of the software’s creator. The following have been identified as carrying this Trojan-Proxy malware:
- 4K Image Compressor
- 4K Video Downloader Pro v4.24.3 macOS
- Aiseesoft Mac Data Recovery
- Aiseesoft Mac Video Converter Ultimate
- Allavsoft
- AnyMP4 Android Data Recovery for Mac
- AweCleaner
- Downie 4
- FonePaw Data Recovery
- INet Network Scanner
- MacDroid
- MacX Video Converter Pro
- MouseBoost Pro
- MWeb Pro
- NetShred X
- NetWorker Pro
- Path Finder
- Patternodes
- Perfectly Clear Workbench
- Print to PDF
- Project Office X
- Rocket Typist
- Sketch
- SponsorBlock
- SystemToolkit
- TransData
- Vellum
- VideoDuke
- Wondershare UniConverter 13
- SQLPro Studio
- WinX HD Video Converter for Mac
- Artstudio Pro
- Magic Sort List
- FoneLab Mac Data Retriever
- Apeaksoft Video Converter Ultimate for Mac
Furthermore, the malware campaign extends beyond macOS, as shown by the fact that Android and Windows platforms are also being targeted by malware that communicates with the same command and control server. The applications or files identified for these platforms are:
- Android: s276.apk, Swipis_v2.6.1[Mobile].apk
- Windows: wsclient.exe
The lesson is to avoid downloading pirated software from unauthorized sources to protect yourself from such malware infections.
The deceptive ‘Activator’ app and its cryptocurrency heist
When you open one of these apps, it launches an “Activator” that prompts you to enter your device’s username and password, supposedly to install and launch the software. You think you are installing an app; in reality you are handing the malware what it needs.
Once that succeeds (successful for the hacker, that is, not for you), the hacker can spy on your device and send it commands from their server. This is when the hacker does their dirty work: searching for cryptocurrency wallets, replacing them, and looting your dough.
Kaspersky also noted that this particular malware has been targeting users running macOS Ventura 13.6, which was only released in September 2023. We don’t know for sure, but this seems to suggest that if you’re not running that version, you might be safe from this hack, this time.
Of course, if you also don’t have cryptocurrency, you’re probably okay, too. However, this unique type of malware that uses pirated software to get on your device is not all that new. Hackers have used this method of exploiting pirated software before, and they’ll do it again.
So, how can you keep yourself safe?
Remember, for the hacker to get the malware on your device, you have to download it. This is done by clicking on a link or a file that’s generally suspicious, but not always. In the case of this threat, hackers understand that cryptocurrency users are probably more tech-savvy than the average person, and are therefore more attuned to hacks that are out there. Because of this, hackers have to find ways to trick you into downloading the malware in the first place. So here are 5 things you can do to protect yourself.
1) Don’t download bootleg software:
2) Don’t click on suspicious links or files: If you encounter a link that looks suspicious, misspelled, or unfamiliar, avoid clicking on it. Instead, consider going directly to the company’s website by manually typing in the web address or searching for it in a trusted search engine. Typically, the first or second result that appears is legitimate.
3) Update your device with software regularly: Regularly updating your device’s software is crucial for security because it ensures that you receive the latest patches, bug fixes, and security enhancements. These updates help protect your device from vulnerabilities and potential threats that could be exploited by malicious actors.
4) Consider storing your cryptocurrency wallet on an external hard drive: If you do hold cryptocurrency, you can always consider keeping your wallet on an external hard drive. Because the wallet is kept off your computer, hackers on the internet can’t reach it.
5) Have good antivirus software: The best way to protect yourself from malicious links that install malware and expose your private information is to have antivirus protection installed on all your devices. It can also alert you to phishing emails and ransomware scams.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Kurt’s key takeaways
It’s a scary threat that could cost you a lot of money if you’re not careful. But you can protect yourself by following the steps above, so you can enjoy your cryptocurrency without worrying about losing it to hackers.
Do you believe government regulations should play a stronger role in protecting crypto users? Let us know in the comments below.
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.