Kaspersky Labs Uncovers MacOS Malware Targeting Bitcoin and Exodus Wallets

Ruholamin Haqshanas
Last updated: | 2 min read
Kaspersky Labs Uncovers MacOS Malware Targeting Bitcoin and Exodus Wallets

Cybersecurity firm Kaspersky Labs has uncovered a new strain of malware specifically designed to target macOS users and their Bitcoin and Exodus wallets.

The company said in a press release on Monday that the malware is distributed through pirated software and replaces legitimate wallet applications with infected versions

New Strain of Trojan Malware Targets Bitcoin Holdings


The researchers at Kaspersky believe that the hackers are developing the malware for an upcoming campaign.

The discovery was made in December when Kaspersky researchers stumbled upon a new family of trojan proxies.

The hackers behind this malware exploited cracked versions of legitimate applications downloaded from unauthorized sources.

They took advantage of users willing to disable security measures and install software from questionable websites.

The malware specifically targets macOS versions 13.6 and above.

It works by stealing a user’s computer security password when it is entered into an activator box.

The malware also gains access to the private keys of the compromised crypto wallets when users attempt to open them.

While the method used by the hackers is relatively basic, the malware itself is described as “seriously ingenious” by the researchers.

It functions as a backdoor, granting the hackers administrator privileges and allowing them to replace the legitimate Exodus and Bitcoin wallet applications with infected versions.

These infected versions then steal the secret recovery phrases as soon as the wallet is unlocked.

Kaspersky Suggests Using Trusted Websites


To avoid falling victim to this unfolding malware campaign, Kaspersky advises users to stick to trusted websites, keep their operating systems updated, and employ a reliable security solution.

Hackers have also employed other techniques, such as disguising malware as legitimate wallets on online stores or creating fake websites.

This practice has become so prevalent that the United States Federal Bureau of Investigation (FBI) has issued warnings about it.

In a similar incident in November, the Lazarus Group, a notorious hacking group associated with North Korea, developed malware targeting macOS users in the decentralized finance community.

This malware was distributed through Discord groups, posing a threat to cryptocurrency users.

Despite losing around $2 billion to crypto thefts, 2023 saw a slight decline in hacking incidents targeting the cryptocurrency industry.

According to a recent report from De.FI, a prominent web3 security firm known for its REKT database, hackers managed to pilfer $2 billion in digital assets throughout the year.

While that amount is still alarming, it marks the first decrease in crypto hacking incidents since 2021.

In 2022, Chainalysis, a blockchain monitoring firm, reported an all-time high of $3.8 billion stolen by cybercriminals in the crypto realm.

Notably, North Korean government hackers, known as the Lazarus Group, accounted for $1.7 billion of that total.

The group’s prolific activities aimed to fund the country’s nuclear weapons program in violation of international sanctions.

Back in 2021, hackers managed to seize $3.3 billion in digital assets, according to data from Chainalysis.