A newly discovered Mac Trojan virus has raised significant concerns in the crypto community after it was able to steal private keys to cryptocurrency wallets in just ten seconds.
How Does the Trojan Targeting MacOS Devices Work?
By tricking users into downloading a disguised DMG package and gaining administrative permissions, the malware can bypass Apple's security reviews and quickly access sensitive files like wallet seed phrases and account credentials.
Despite Apple’s reputation for strong security measures and a strict app review process, this Trojan relies on a common social-engineering method to gain entry: the attacker tricks users into believing they are installing legitimate software, when in reality it is malware. Windows systems face similar threats, and this latest incident is a reminder that no platform is completely safe.
This is how the Trojan successfully infiltrates a user's system.
To carry out its plan, the malware requires the user's administrator password, which is typically the same as the Mac's lock screen password. Entering this password grants the malware system-level permissions, allowing it to change system configuration and read protected folders.
Malicious programs often present users with deceptive prompts asking them to “Enter your unlock password to install.” For those unfamiliar with macOS security, this step can easily be overlooked, allowing the Trojan to infiltrate the system.
The most concerning aspect of the Trojan is its speed. Within seconds of receiving permission, the malware can scan and load sensitive files, including browser cookies, autofill data, saved passwords, and locally stored encrypted wallet seed phrases from apps like MetaMask. In some cases, passwords are cracked locally, while others are sent to a hacker’s server for further decryption. Even passwords stored in iCloud are vulnerable to attack.
SlowMist researcher @evilcos said typical targets of the malware include:
- Extracting and loading wallet seed phrases: Hackers can decrypt these locally or crack them remotely. Users may not notice until the assets are gone days or weeks later. If a wallet has a low balance, attackers may wait for a higher value before attacking.
- Stealing account permissions from browser cookies: This allows hackers to take over accounts on platforms like X or exchanges to send malicious messages or transfer funds.
- Abusing communication apps like Telegram and Discord: This makes it easier to spread harmful messages to other users.
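The behaviour described above, a single freshly installed process reading several unrelated credential stores within seconds, is a pattern a defender can look for in file-access telemetry. The following is an added example, not code from the article or from SlowMist: a small Python heuristic that groups file-open events by process and raises an alert when one process touches three or more distinct sensitive-store categories inside a ten-second window. The log line format, the process names and the sample events are constructed for illustration; the store paths are assumed locations for browser cookie, autofill and password databases, the login keychain, and a browser-extension wallet vault (the 32-letter extension-id directory is a placeholder).

```python
"""Flag processes that read many credential stores in a short window.

Added example (not the article's or SlowMist's code). Log format, sample
events and file locations are constructed / assumed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed locations of the data the article says the Trojan collects.
# Each regex maps to a category, so a detection counts distinct categories
# rather than repeated reads of the same file.
SENSITIVE_STORES = {
    "browser_cookies": re.compile(r"/Library/Application Support/.*/(Cookies|cookies\.sqlite)$"),
    "browser_autofill": re.compile(r"/Library/Application Support/.*/(Web Data|formhistory\.sqlite)$"),
    "browser_passwords": re.compile(r"/Library/Application Support/.*/(Login Data|logins\.json)$"),
    "keychain": re.compile(r"/Library/Keychains/.*\.keychain-db$"),
    # Browser-extension wallets keep an encrypted vault under the extension's
    # storage directory; the 32-letter id directory is a placeholder pattern.
    "wallet_vault": re.compile(r"/Local Extension Settings/[a-z]{32}/"),
}

WINDOW = timedelta(seconds=10)   # the "ten seconds" from the article
MIN_CATEGORIES = 3               # tunable: normal apps rarely touch 3+ stores at once

# Constructed log line shape: "<iso-timestamp> pid=<n> proc=<name> open <path>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) open (?P<path>.+)$")


def classify(path):
    """Return the sensitive-store category for a path, or None."""
    for name, pattern in SENSITIVE_STORES.items():
        if pattern.search(path):
            return name
    return None


def parse(lines):
    """Yield (timestamp, pid, process, path) for well-formed lines; skip the rest."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m["ts"]), int(m["pid"]), m["proc"], m["path"]


def detect(lines, window=WINDOW, min_categories=MIN_CATEGORIES):
    """One alert per process that touches >= min_categories distinct stores
    inside any sliding window of the given length."""
    events = defaultdict(list)  # (pid, proc) -> [(ts, category), ...]
    for ts, pid, proc, path in parse(lines):
        cat = classify(path)
        if cat:
            events[(pid, proc)].append((ts, cat))

    alerts = []
    for (pid, proc), hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            cats = {c for t, c in hits[i:] if t - start <= window}
            if len(cats) >= min_categories:
                alerts.append({"pid": pid, "process": proc,
                               "categories": sorted(cats),
                               "first_seen": start.isoformat()})
                break  # one alert per process is enough
    return alerts


# Constructed sample telemetry: a browser reading its own stores slowly
# (benign), then a just-installed process sweeping every store in five seconds.
CHROME = "/Users/alice/Library/Application Support/Google/Chrome/Default"
SAMPLE_LOG = [
    f"2024-01-01T10:00:00 pid=501 proc=Chrome open {CHROME}/Cookies",
    f"2024-01-01T10:00:30 pid=501 proc=Chrome open {CHROME}/Login Data",
    f"2024-01-01T10:05:00 pid=8831 proc=Installer open {CHROME}/Cookies",
    f"2024-01-01T10:05:01 pid=8831 proc=Installer open {CHROME}/Web Data",
    f"2024-01-01T10:05:02 pid=8831 proc=Installer open {CHROME}/Login Data",
    "2024-01-01T10:05:03 pid=8831 proc=Installer open /Users/alice/Library/Keychains/login.keychain-db",
    f"2024-01-01T10:05:04 pid=8831 proc=Installer open {CHROME}/Local Extension Settings/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/000003.log",
    "this line is malformed and must be skipped",
    "2024-01-01T10:05:05 pid=8831 proc=Installer open /Users/alice/Documents/notes.txt",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The threshold on distinct categories is what keeps the noise down: a browser legitimately reads its own cookie and password databases all day, but it does not also open the login keychain and an extension vault within the same few seconds. Real deployments would feed this from an endpoint agent's file-open events rather than a text log, and would tune the window and threshold against a baseline of benign installers.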
What Precautions Can Be Taken Against the Trojan?
Be especially careful when asked to install software presented as an application or game related to a crypto project. It could be a cleverly disguised Trojan.
If you have a habit of downloading third-party software indiscriminately or have no experience identifying malware, avoid using that computer for crypto-related activities. At the very least, make sure you have antivirus software installed.
Be aware that even third-party software that is initially safe may be compromised in future updates or new versions.
*This is not investment advice.