The Russian company Kaspersky Lab has discovered a new type of malicious software capable of stealing cryptocurrency from wallets on devices running macOS version 13.6 and higher with Intel and Apple Silicon processors.
The Trojan is distributed inside pirated disk images, disguised as a so-called activator. During activation, the user is prompted to copy the application data to the Applications folder and, after pressing the PATCH button, to enter the system password.
The fake activator includes a Python 3.9.6 installation package. Once it is deployed, the Trojan downloads an encrypted script to the computer that transfers control to the attacker.
The scammer changes the icon of a legitimate cryptocurrency wallet to the icon of a fake one. When the user launches the fake application and enters wallet data, the cryptocurrency is stolen.
Kaspersky Lab advises downloading applications only from official stores, using strong passwords, and changing them periodically.
Earlier, Kaspersky Lab stated that the number of asset thefts from crypto investors is growing in Russia.