Apple users who are generally conditioned to ignore malware alerts that usually affect more open platforms should take note: cybersecurity firm Kaspersky has reported a verified piece of macOS malware, targeting current versions of the operating system, that can trick Bitcoin and Exodus wallet users into installing a fake, malicious version of their wallet software.
Clean living helps: the newly discovered malware, Kaspersky said, is distributed through pirated applications, and unlike proxy trojans or remote-access malware meant to take control of a victim's computer, this malware is focused on compromising wallet applications.
“The crypto Trojan is unique in two ways: first, it uses DNS records to deliver its malicious Python script,” Kaspersky said. “Second, it doesn’t just steal crypto wallets; it replaces a wallet application with its own infected version. This allows it to steal the secret phrase used to access the cryptocurrency stored in the wallets.”
According to Kaspersky, the malware targets macOS versions 13.6 and above, whether running on Intel or Apple Silicon devices.
“The creators show unusual creativity by hiding a Python script in a DNS server’s record, increasing the malware’s level of stealth in the network’s traffic,” Kaspersky security researcher Sergey Puzan said in the report. “Users should be extra cautious, especially with their cryptocurrency wallets. Avoid downloading from suspicious sites and use trusted cybersecurity solutions for better protection.”
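The report says only that the Python script is hidden in "a DNS server's record". The following is an added illustration written for this article, not Kaspersky's code or detection logic, of how a defender might hunt for that pattern in resolver or passive-DNS logs. It assumes (my assumption, not something the report states) that the payload travels as base64 text in TXT records, split across the 255-byte strings a TXT RR allows, which is the usual way DNS is abused as a payload channel. All records, names and the stand-in script below are constructed; nothing in the recovered payload is ever executed.

```python
"""Hunting for a script payload smuggled through DNS TXT records.

Added illustration, not Kaspersky's code. ASSUMPTION: the payload sits in TXT
records as base64 text split across <=255-byte strings. Feed real data in as
{owner_name: [txt strings]} after mapping it from your resolver or pDNS logs.
"""
import base64
import re
from dataclasses import dataclass, field

# Substrings that, together, strongly suggest decoded bytes are Python source.
PY_MARKERS = (b"import ", b"def ", b"subprocess", b"exec(", b"__import__",
              b"os.system", b"urllib")

# Legitimate TXT data is mostly short (SPF, ACME, verification tokens); even a
# 2048-bit DKIM key stays under ~450 characters. Above this, look regardless.
SUSPICIOUS_LENGTH = 512

# Constructed stand-in for a staged script; it is only data here, never run.
SAMPLE_SCRIPT = (
    b"import os\n"
    b"import subprocess\n"
    b"import urllib.request\n"
    b"\n"
    b"def collect():\n"
    b"    # stand-in for the real second stage: a harmless listing\n"
    b"    return os.listdir(os.path.expanduser('~'))\n"
    b"\n"
    b"def main():\n"
    b"    print(len(collect()))\n"
    b"\n"
    b"main()\n"
)
_ENCODED = base64.b64encode(SAMPLE_SCRIPT).decode()

# Constructed TXT data: two benign records (SPF, an ACME token that is itself
# bare base64url) and one carrying the script, chunked into 255-char strings.
SAMPLE_RECORDS = {
    "example.com.": ["v=spf1 include:_spf.example.net -all"],
    "_acme-challenge.example.com.": ["gfj9Xq_Ma_tjLlbBuaL7dXb6hMvnGqmOPz7BHJ_dsyk"],
    "cfg.stage.example.invalid.": [_ENCODED[i:i + 255] for i in range(0, len(_ENCODED), 255)],
}


@dataclass
class Finding:
    name: str
    total_len: int
    markers: list = field(default_factory=list)

    @property
    def decoded_python(self):
        # One marker alone ("def " inside a random token) is noise; require two.
        return len(self.markers) >= 2


def try_b64_decode(text):
    """Decode if the whole string is plausible (standard or url-safe) base64, else None."""
    cleaned = re.sub(r"\s+", "", text)
    if len(cleaned) < 16 or not re.fullmatch(r"[A-Za-z0-9+/_-]+=*", cleaned):
        return None
    cleaned = cleaned.replace("-", "+").replace("_", "/")
    cleaned += "=" * (-len(cleaned) % 4)      # tolerate stripped padding
    try:
        return base64.b64decode(cleaned, validate=True)
    except ValueError:                        # binascii.Error is a ValueError
        return None


def python_markers(blob):
    """Return the PY_MARKERS present, but only if the blob is readable text."""
    try:
        text = blob.decode("utf-8")
    except UnicodeDecodeError:
        return []
    printable = sum(c.isprintable() or c in "\r\n\t" for c in text)
    if not text or printable / len(text) < 0.95:
        return []
    return [m.decode() for m in PY_MARKERS if m in blob]


def recover_payload(strings):
    """Reassemble a TXT RR's strings and decode them; None if not base64."""
    return try_b64_decode("".join(strings))


def analyze(name, strings):
    decoded = recover_payload(strings)
    markers = python_markers(decoded) if decoded is not None else []
    return Finding(name, sum(len(s) for s in strings), markers)


def hunt(records):
    """Return findings that trip either the content rule or the size rule."""
    hits = []
    for name, strings in records.items():
        f = analyze(name, strings)
        if f.decoded_python or f.total_len > SUSPICIOUS_LENGTH:
            hits.append(f)
    return hits


if __name__ == "__main__":
    for f in hunt(SAMPLE_RECORDS):
        print(f"{f.name}: {f.total_len} chars, markers={f.markers}")
```

The two rules are deliberately independent: the content rule catches a short script that hides comfortably inside normal TXT sizes (the sample payload is under 300 characters), while the size rule catches an encrypted or otherwise unreadable blob that the marker check cannot see into. Encoding layers other than base64, such as the encryption Kaspersky may well have seen, would defeat the content rule and are exactly why the size rule stays on.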
Malware targeting crypto wallets is not new. Since November, over $4 million has been stolen through fake airdrops and scams on the Solana network. In a separate report in June, security firm Elliptic Connect reported that hackers tied to North Korea’s Lazarus group stole over $35 million from users of Atomic Wallet and made off with multiple cryptocurrencies, including USDT, XRP, Cardano, and Dogecoin.
A Kaspersky spokesperson told Decrypt that the company has not contacted Apple or Exodus. Even so, Kaspersky’s report alarmed Exodus Wallet CEO JP Richardson, who noted that popular wallets such as Exodus, Coinbase, and MetaMask have been targeted by hackers in the past.
“At Exodus, we're deeply committed to safeguarding our customers,” Richardson told Decrypt. “Our approach includes comprehensive code audits by our engineers to identify and mitigate any potential threats,” he said, adding the process involves both internal and external reviews to ensure the highest level of scrutiny.
While Exodus prioritizes customer security, Richardson said, the company recommends using a hardware wallet as an extra layer of security.
“It's indeed alarming how these malware attacks via social engineering are impacting people, particularly in terms of financial loss,” he said.
For users looking to protect their digital investments, Kaspersky recommends updating their computer's operating system, installing anti-malware software, and only downloading apps from official stores like the Apple App Store.
“Apps from these markets are not 100% failsafe, but at least they get checked by shop representatives, and there is some filtration system — not every app can get into these stores,” Kaspersky said.
Even with these precautions, and despite the added protection a hardware wallet provides, neither is a silver bullet against theft. In November, blockchain analyst ZachXBT reported that 16.8 Bitcoin, around $587,238 at the time, was stolen after victims downloaded a fake version of Ledger’s Ledger Live wallet-management app from the Microsoft Store.
“Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which has resulted in 16.8+ BTC ($588K) stolen. Scammer address: bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q”
— ZachXBT (@zachxbt), November 5, 2023
Edited by Ryan Ozawa.