Backdoor in macOS Targets Crypto Wallets: What to Know


Kaspersky Lab’s information security researchers have identified a backdoor targeting macOS that enables criminals to steal cryptocurrency from Apple computer users. The company’s press service shared the disclosure with socialbites.ca, noting that the malware gives attackers a stealthy path to wallet data without triggering the alarms a user would normally expect. The finding underscores the ongoing challenge of securing popular desktop operating systems against targeted theft of digital assets, and it places macOS alongside other platforms as a target for financially motivated intrusions. (Kaspersky Lab)

The backdoor is delivered as a Trojan disguised as legitimate software, and the traffic it generates is shaped to blend into ordinary network activity rather than stand out to the protections built into macOS or to routine anomaly detection. Once installed, it captures and relays wallet credentials, so the intrusion is typically noticed only after the wallet has already been emptied. This behaviour is typical of modern credential-stealing campaigns, which prioritize stealth, persistence, and rapid exfiltration of funds. (Kaspersky Lab)

Trojans of this sort are frequently embedded in pirated software. When a user downloads and installs one of these counterfeit programs, the installer prompts for an administrator username and password as part of the setup process. Once the user supplies them, the malware runs with elevated privileges: it can perform privileged actions, read sensitive data, and, crucially, replace the wallet application already installed on the machine with a tampered copy prepared by the attacker. From the user’s point of view nothing changes; they continue to open what looks like their own wallet while the attacker quietly siphons cryptocurrency from it. (Kaspersky Lab)

In practical terms, an attacker who has gained control of a victim’s computer can swap a legitimate crypto wallet application for a counterfeit one. When the victim opens the altered wallet app and enters their authorization details, the attacker harvests those secrets and transfers the funds to an address under the attacker’s control. The mechanics mirror established online fraud patterns, but the targeted nature of this campaign raises the stakes for individual users and organizations alike, especially those who routinely handle digital assets. (Kaspersky Lab)
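The replacement of an installed wallet app with a tampered copy, described in the two paragraphs above, is exactly what a file-integrity baseline catches. The following is an added example, not code from Kaspersky Lab or from any wallet vendor: it hashes every file in an app bundle from a known-good install, later re-hashes the bundle and reports anything modified, missing or added, and on macOS also asks Apple’s own `codesign` tool to validate the bundle signature. The `Wallet.app` bundle, its file contents and the `com.example.wallet` identifier are constructed for the demonstration and stand in for whatever wallet is actually installed.

```python
"""Baseline-and-verify integrity check for an app bundle (added example, not Kaspersky's code).

The campaign described above replaces a legitimately installed wallet application with a
trojanized copy at the same path. A SHA-256 manifest taken from a known-good install lets
you detect that swap later: any file whose digest changed, vanished, or appeared is reported.
On macOS, verify_codesign() additionally runs Apple's signature check; it returns None where
codesign is not available (e.g. on Linux), so the result is never mistaken for a pass.
"""
import hashlib
import os
import shutil
import subprocess
import tempfile
from typing import Dict, List, Optional, Tuple


def sha256_file(path: str) -> str:
    """SHA-256 of a file, streamed so large Mach-O binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(bundle_dir: str) -> Dict[str, str]:
    """Map every regular file under bundle_dir (path relative to it) to its digest."""
    manifest: Dict[str, str] = {}
    for root, _dirs, files in os.walk(bundle_dir):
        for name in files:
            full = os.path.join(root, name)
            if os.path.islink(full):
                continue  # symlink targets are hashed where they really live
            manifest[os.path.relpath(full, bundle_dir)] = sha256_file(full)
    return manifest


def verify_manifest(bundle_dir: str, baseline: Dict[str, str]) -> List[str]:
    """Compare the bundle on disk against a baseline; an empty list means it matches."""
    current = build_manifest(bundle_dir)
    findings: List[str] = []
    for rel, digest in sorted(baseline.items()):
        if rel not in current:
            findings.append(f"MISSING  {rel}")
        elif current[rel] != digest:
            findings.append(f"MODIFIED {rel}")
    for rel in sorted(set(current) - set(baseline)):
        findings.append(f"ADDED    {rel}")
    return findings


def verify_codesign(bundle_dir: str) -> Optional[bool]:
    """Run Apple's signature check; None when codesign is not on this host (non-macOS)."""
    if shutil.which("codesign") is None:
        return None
    proc = subprocess.run(["codesign", "--verify", "--deep", "--strict", bundle_dir],
                          capture_output=True, text=True)
    return proc.returncode == 0


def simulate_wallet_swap() -> Tuple[List[str], List[str]]:
    """Constructed scenario: baseline a fake 'Wallet.app', then overwrite its main binary
    and drop an extra helper the way a trojanized copy would. Returns the findings from
    the clean check and from the check after the swap."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = os.path.join(tmp, "Wallet.app")
        macos_dir = os.path.join(bundle, "Contents", "MacOS")
        os.makedirs(macos_dir)
        with open(os.path.join(macos_dir, "Wallet"), "wb") as f:
            f.write(b"\xcf\xfa\xed\xfe original wallet binary (constructed)")
        with open(os.path.join(bundle, "Contents", "Info.plist"), "w") as f:
            f.write("<plist><dict><key>CFBundleIdentifier</key>"
                    "<string>com.example.wallet</string></dict></plist>")
        baseline = build_manifest(bundle)
        clean = verify_manifest(bundle, baseline)

        # The swap: same path, same file name, different bytes, plus an added relay helper.
        with open(os.path.join(macos_dir, "Wallet"), "wb") as f:
            f.write(b"\xcf\xfa\xed\xfe trojanized wallet binary (constructed)")
        with open(os.path.join(macos_dir, "helper"), "wb") as f:
            f.write(b"credential relay (constructed)")
        tampered = verify_manifest(bundle, baseline)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = simulate_wallet_swap()
    print("clean install:", clean or "no findings")
    print("after swap:")
    for line in tampered:
        print("  ", line)
```

In real use you would run `build_manifest` against `/Applications/<Wallet>.app` right after a clean install from the vendor, store the manifest somewhere the malware cannot reach (it runs as admin, so a local file is not enough), and re-run `verify_manifest` periodically or before signing a transaction. The hash manifest catches the swap even if the attacker re-signs the tampered bundle; `verify_codesign` catches the cheaper case where the replacement is unsigned or its seal is broken.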

Kaspersky Lab has warned that macOS versions 13.6 and newer are the releases this campaign targets. Because the malware obtains its privileges from the administrator password the user types into a fake installer, rather than from an unpatched Apple vulnerability, keeping the system up to date is necessary but not sufficient: software provenance and credential hygiene matter at least as much. Users are urged to install software only from sources they can verify, avoid pirated programs, treat any installer that asks for an administrator password with suspicion, and enable multi-factor authentication wherever a wallet or exchange supports it. (Kaspersky Lab)

Historically, similar fraud schemes have shown that cybercriminals adapt quickly, leveraging new distribution channels and social engineering techniques to broaden their reach. The current case is a reminder that even a trusted platform can be abused when attackers exploit human factors, such as a routine-looking prompt for credentials and the apparent legitimacy of a familiar application. Vigilance, layered defenses, and proactive threat monitoring remain essential for reducing risk. (Kaspersky Lab)
