Hackers are using this pirated software to spread malware on Mac

A new malware campaign is targeting Mac users who choose to download pirated versions of popular apps from warez websites. Cybercriminals are reportedly using proxy trojans to infect devices running macOS and turn them into terminals to further spread the malware and run hacking and phishing campaigns.

According to a recent report by cybersecurity firm Kaspersky, the campaign was first spotted earlier this year in April and sells proxy access, which eventually transforms into botnets like Qakbot, which was recently dismantled and removed from around 7,00,000 machines by the Federal Bureau of Investigation.

Kaspersky’s report states that the malware campaign targets users who are not willing to pay for premium versions of apps. The cybersecurity firm found that the trojan was injected in pirated versions of 35 popular image-editing, video compression, editing, data recovery and network scanning apps.

Some of the most popular apps that are packed with the trojan include 4K Video Downloader Pro, Aiseesoft Mac Data Recovery, Aiseesoft Mac Video Converter Ultimate, AnyMP4 Android Data Recovery for Mac, FonePaw Data Recovery, Sketch, Wondershare UniConverter 13, SQLPro Studio, Artstudio Pro and Downie 4.

Unlike original macOS software, which is often distributed as disk images, the pirated versions of these trojan-packed apps are offered as PKG files. Since these files run with administrative privileges, the bundled scripts can modify system files, autorun on startup and execute commands.


The trojan hides by naming itself after a legitimate system process called ‘WindowServer’ that is used by macOS to manage the user interface. The file that launches this process is named ‘GoogleHelperUpdater.plist’, another legitimate-sounding Chrome file which makes it harder to detect the trojan.
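The masquerading pattern described above can be checked on a Mac by inspecting launchd job definitions. The following is an added example, not code from Kaspersky's report or this article: it flags a launchd plist whose filename matches the one named above, or whose program is called WindowServer but sits outside `/System/` (the assumption here being that the genuine binary lives under that prefix). The sample plists, labels and paths are constructed placeholders.

```python
import plistlib
import posixpath
from pathlib import Path

# Names reported in the article; the /System/ prefix rule is this example's assumption.
MASQUERADED_NAME = "WindowServer"
REPORTED_PLIST = "GoogleHelperUpdater.plist"
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                str(Path.home() / "Library/LaunchAgents")]

def job_program(job):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None

def check_job(plist_name, plist_bytes):
    """Return findings for one launchd plist (empty list means nothing flagged)."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unexpected plist structure"]
    findings = []
    if plist_name.lower() == REPORTED_PLIST.lower():
        findings.append("plist filename matches the one named in the report")
    program = job_program(job)
    if program:
        real = posixpath.normpath(program)  # collapse "/System/../" style tricks
        if posixpath.basename(real) == MASQUERADED_NAME and not real.startswith("/System/"):
            findings.append("WindowServer launched from outside /System/: " + program)
    if findings and (job.get("RunAtLoad") or job.get("KeepAlive")):
        findings.append("job is persistent (RunAtLoad/KeepAlive)")
    return findings

# Constructed samples; labels and paths are placeholders, not values from the report.
SUSPECT = plistlib.dumps({"Label": "com.example.constructed", "RunAtLoad": True,
    "ProgramArguments": ["/Library/Application Support/Example/WindowServer"]})
BENIGN = plistlib.dumps({"Label": "com.example.system",
    "Program": "/System/Library/Example/WindowServer"})

if __name__ == "__main__":
    print(check_job(REPORTED_PLIST, SUSPECT))
    print(check_job("com.example.system.plist", BENIGN))
    for d in LAUNCHD_DIRS:  # on a Mac, also scan the standard launchd directories
        for p in sorted(Path(d).glob("*.plist")):
            hits = check_job(p.name, p.read_bytes())
            if hits:
                print(p, hits)
```

A hit is a lead for investigation rather than proof of infection; verifying the code signature of the flagged binary is the natural next step.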

While Kaspersky could not see what commands the malware executes, it uses TCP and UDP networking protocols to act as a proxy. Kaspersky’s report suggests that apart from macOS apps, the trojan seems to be affecting Android and Windows devices as well.

© IE Online Media Services Pvt Ltd

First published on: 04-12-2023 at 18:30 IST

