[x] Block cracked macOS apps that drain crypto wallets using scripts fetched from DNS records.
Description
Some cracked apps circulating on pirating websites are infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software. The threat proved far more potent than an unauthorized proxy server installation.
Enhancement idea
Block cracked macOS apps that drain crypto wallets using scripts fetched from DNS records.
Links
https://securelist.com/new-macos-backdoor-crypto-stealer/111778/
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URLs
n/a
Folders
n/a
Sub-Domains
Domains
IPs
n/a
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a