The myth that Macs are immune to crypto-stealing malware has taken another hit. A newly documented Mac Trojan can compromise a system and exfiltrate crypto wallet secrets in roughly ten seconds. A video demonstration by SlowMist team member @im23pds shows how quickly the attack runs once a victim has been tricked into installing a disguised DMG package.
The Attack Breakdown
The attack does not defeat Gatekeeper so much as talk the user into clicking past it. Victims are persuaded to install what looks like legitimate software but is actually a Trojan horse. Apple’s review process generally keeps malicious apps out of the App Store, but many users routinely install software from outside it and habitually dismiss the warning about an “unknown program.”
Once launched, the Trojan asks for the Mac’s administrator password as though it were a routine installation step. Users who expect installers to ask, and who do not realize that many legitimate apps never need that permission, type it in, and the malware now runs with root privileges.
With administrator privileges, the Trojan sweeps the system and uploads the haul to the attacker’s server within seconds: browser cookies, autofill data, saved passwords and, critically, the encrypted local files that hold wallet seed phrases, such as MetaMask’s vault. Passwords stored in iCloud Keychain are exposed as well.
According to SlowMist’s @evilcos, the attack’s primary objectives are:
- Stealing Encrypted Seed Phrases: These are uploaded for decryption, sometimes locally, sometimes by the hackers later. Stolen funds may not be immediately apparent, with hackers potentially waiting for wallet balances to increase. Even complex MetaMask passwords offer little protection if the wallet is ever unlocked while the Trojan is active.
- Compromising Online Accounts: Stolen browser cookies grant access to exchange accounts and social media platforms, enabling malicious activities like sending phishing messages or transferring tokens.
- Hijacking Communication Platforms: Access to Telegram, Discord, and other platforms allows hackers to spread malicious messages and further their attacks.
Three Essential Tips for Protection:
- Exercise Extreme Caution with Unknown Apps: Be wary of any requests to install apps, especially those related to projects or games, as these are common Trojan disguises.
- Practice Safe Computing Habits: Avoid reckless installation of third-party software. If you lack the expertise to identify malware or utilize a virtual sandbox environment, refrain from using that computer for crypto transactions. At the very least, install reputable antivirus software. Remember, even previously safe software can become compromised through updates.
- Never Disclose Your Admin Password to Unknown Programs: This is a crucial security practice to prevent unauthorized system access.
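The three tips above come down to one procedure: before you double-click anything you downloaded, and long before you type an admin password into it, check whether Gatekeeper and the code signature say it is what it claims to be. The script below is an added example, not SlowMist’s or the article’s code. It assumes a stock Mac with `spctl`, `codesign` and `xattr` on the PATH; the two parsing helpers are pure shell so they can be exercised offline against constructed `spctl` output, and the “path: accepted/rejected” and “source=” lines they parse are the format `spctl --assess -v` prints.

```shell
#!/bin/sh
# Added example (not from SlowMist or the original article): checks to run on a
# downloaded macOS app bundle before launching it. Assumes a stock Mac with
# spctl, codesign and xattr available; the parsing helpers are pure shell and
# also work offline on constructed spctl output.

# Classify the first line of `spctl --assess` output ("<path>: accepted" or
# "<path>: rejected"). Prints accepted, rejected or unknown.
spctl_verdict() {
    case "$1" in
        *": rejected"*) echo rejected ;;
        *": accepted"*) echo accepted ;;
        *)              echo unknown ;;
    esac
}

# Extract the "source=" line that spctl -v prints, e.g. "Notarized Developer ID"
# or "no usable signature".
spctl_source() {
    printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1
}

# Succeeds only when Gatekeeper accepted the bundle AND the source is a
# notarized Developer ID signature. Anything less is not good enough for
# software that is about to ask for your admin password.
is_notarized_ok() {
    [ "$(spctl_verdict "$1")" = accepted ] || return 1
    case "$(spctl_source "$1")" in
        Notarized*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Run the live checks against an .app bundle. Mount the DMG first and point
# this at the .app inside it; do not copy it to /Applications yet.
check_app() {
    app="$1"
    [ -d "$app" ] || { echo "not an app bundle: $app" >&2; return 2; }

    # The quarantine attribute marks files that came from a browser download.
    # If it is absent on something you just downloaded (curl and some tools do
    # not set it), Gatekeeper will never run, so the checks below matter more.
    if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
        echo "quarantine : present (Gatekeeper will assess on launch)"
    else
        echo "quarantine : absent"
    fi

    # Gatekeeper policy assessment, the same check the OS performs on first launch.
    out=$(spctl --assess --type execute -vv "$app" 2>&1)
    echo "gatekeeper : $(spctl_verdict "$out") ($(spctl_source "$out"))"

    # Deep, strict signature verification catches bundles that were signed
    # and then modified (e.g. a payload dropped into Contents/Resources).
    if codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "signature  : valid"
    else
        echo "signature  : INVALID or unsigned"
    fi

    # Who signed it: compare the TeamIdentifier with the vendor's published one.
    codesign -dvv "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)='

    if is_notarized_ok "$out"; then
        echo "verdict    : notarized Developer ID build; still confirm the team ID matches the vendor"
    else
        echo "verdict    : do NOT install, and never give it your admin password"
        return 1
    fi
}

if [ "$#" -gt 0 ]; then
    check_app "$1"
fi
```

Usage: mount the DMG, then run `sh check_app.sh /Volumes/<image>/<Name>.app`. A “notarized” result means Apple scanned the binary and the developer holds a Developer ID, not that the software is benign; the TeamIdentifier is the value to compare against what the vendor publishes, since a phishing kit can buy its own Developer ID. The script also does nothing about the last tip in the list above: a previously trusted app that turns malicious through an update will pass these checks, which is why a machine that runs arbitrary third-party software should not also be the machine that signs transactions.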