Mac Trojan Can Steal Your Crypto Wallet in 10 Seconds

  • Apple’s security measures have been bypassed by a sophisticated phishing attack, compromising users’ data
  • Admin passwords have been stolen, enabling hackers to gain full access to victims’ systems and sensitive data
  • Sensitive data like wallet seed phrases and account permissions have been accessed within seconds, resulting in significant security breaches

In a recent cybersecurity scare, Apple’s Mac systems, often seen as highly secure, have been targeted by a powerful phishing attack. The attack, highlighted by cybersecurity expert @im23pds from security team SlowMist, has exposed vulnerabilities in Mac computers when users install software from outside the Apple Store. Within seconds of downloading a compromised DMG file, the malware can steal critical information such as wallet private keys and account permissions, fully compromising the affected computer.

Entry Point is Outside Software

One of the main entry points for this attack is users installing software from outside the Apple Store, often ignoring security warnings. Apple’s review process generally minimizes risks, but many users download software from other sources, creating an easy route for attackers. 

According to SlowMist, “Users unknowingly download these trojans, thinking they are legitimate applications, only to face system-level compromises shortly after.” The malware gains complete control by tricking users into providing their Mac’s admin password, often the same as their lock screen password.

Many users are unaware that legitimate applications rarely require admin access, according to @im23pds:

Hackers prompt users with a seemingly routine password request, and once granted, the malicious software operates freely within the system.

This access allows the malware to alter system files and gather highly sensitive information.

Fast Data Extraction

Within seconds, the malware collects crucial data, such as browser cookies, saved passwords, and even encrypted wallet keys. SlowMist’s @evilcos explains, “The malware scans files rapidly, targeting browser auto-fill data and wallet seeds, even if secured in apps like MetaMask.” This allows hackers to wait for larger balances before emptying wallets, maximizing their profit.

To guard against such attacks, cybersecurity experts recommend avoiding downloads from unverified sources, using hardware wallets to isolate private keys, and refraining from saving sensitive information like login credentials on devices. Vigilance remains the best defense, as SlowMist emphasizes, “Phishing attacks are now highly automated and relentless—prevention is the most effective strategy.”
