MacOS users are being targeted with dangerous malware once again


Here is another reason why you shouldn’t download cracked or pirated software to your macOS devices - there’s malware hiding within.

Cybersecurity researchers from Kaspersky are warning of a new piece of malware, built for the Apple ecosystem, being distributed on websites claiming to offer cracked applications. 

Victims would download a PKG file, thinking they were getting an activator for a cracked app they previously downloaded. They would place the PKG in the /Applications/ folder, as part of the instructions to “activate” the cracked piece of software.

macOS malware strikes again

On the surface, the malware works as “intended” - the victim will get a bogus Activator window, asking for the administrator password. Once that is granted, the malware contacts its command and control (C2) server and fetches a script capable of running arbitrary commands on the target endpoint.

An interesting thing about this malware is how it contacts the C2 server at the correct URL - it pulls words from two hardcoded lists and adds a random sequence of five letters as its third-level domain name. That way, the malicious activity is hidden inside normal traffic.

“With this URL, the sample made a request to a DNS server as an attempt to get a TXT record for the domain,” Kaspersky explained.
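A defender-side sketch of the lookup pattern described above, added here as an example (it is not Kaspersky's code or code from the sample): it scans DNS query logs for TXT requests whose name has a five-letter third-level label under a second-level label built from two word lists. The word lists, the concatenation of one word from each list, the log line format and the sample lines are assumptions or constructed placeholders, since the article does not give them.

```python
import re
from collections import defaultdict

# Placeholders: the article says the sample carries two hardcoded word lists but
# does not reproduce them. Populate from the vendor report before use.
FIRST_WORDS = ("alpha", "bravo")
SECOND_WORDS = ("one", "two")
# Assumption: one word from each list is concatenated into the second-level label.
SECOND_LEVEL = {a + b for a in FIRST_WORDS for b in SECOND_WORDS}
FIVE_LETTERS = re.compile(r"[a-z]{5}")

def matches_pattern(qname):
    """True for <five letters>.<word1+word2>.<tld>."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 3:
        return False
    third, second, _tld = labels
    return bool(FIVE_LETTERS.fullmatch(third)) and second in SECOND_LEVEL

def suspicious_txt_queries(log_lines):
    """Group matching TXT lookups by client. Assumed line format:
    '<timestamp> <client> <qtype> <qname>'."""
    hits = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, qtype, qname = parts
        if qtype.upper() == "TXT" and matches_pattern(qname):
            hits[client].append(qname.lower().rstrip("."))
    return dict(hits)

# Constructed sample log (not real traffic); .example is a reserved TLD.
SAMPLE_LOG = [
    "2024-01-20T10:00:01Z 10.0.0.5 TXT qzkfw.alphaone.example.",
    "2024-01-20T10:00:02Z 10.0.0.5 TXT store.vendor.example.",
    "2024-01-20T10:00:03Z 10.0.0.7 A hjmxp.bravotwo.example.",
    "2024-01-20T10:00:04Z 10.0.0.5 TXT LRTPD.BravoTwo.example",
    "2024-01-20T10:00:05Z 10.0.0.9 TXT _dmarc.mail.example.",
    "2024-01-20T10:00:06Z 10.0.0.9 TXT abcd1.alphatwo.example.",
]

if __name__ == "__main__":
    for client, names in suspicious_txt_queries(SAMPLE_LOG).items():
        print(client, names)
```

Matching on the word-list label as well as the five-letter label keeps ordinary names such as `store.vendor.example` from being flagged; a five-letter subdomain on its own is too common to alert on.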

The final payload grants the attackers all kinds of advantages, from backdoor access, to information about the compromised system, and more. Among other things, the malware will look for Bitcoin Core and Exodus wallets on compromised devices, and if it finds them, replaces them with backdoored copies. Once the victim tries to log into their wallets again, they could have their funds drained almost instantly. 

Kaspersky also said that while it was investigating the malware, the C2 came back with an upgraded version of the backdoor script, signaling continuous development. However, command execution was not yet available, Kaspersky said, suggesting that the malware is still a work in progress.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
