Mysterious new macOS malware that steals cryptocurrencies discovered

It is called JokerSpy, and it is a recently discovered malware for the macOS environment. This malicious agent, identified by Bitdefender and Elastic Security Labs, apparently acts on Apple's operating system through a backdoor in an attempt to steal cryptocurrencies from its victims.

The discovery of JokerSpy demonstrates, once again, how cybercriminals are increasingly focusing on macOS, an environment until a few years ago considered extremely safe by users.

So far, Bitdefender has analysed four samples in total, while Elastic has focused on the breach of a major Japanese cryptocurrency exchange. The data collected so far are very limited and, for this reason, many aspects of the malware are still shrouded in mystery.

How JokerSpy works, the new macOS malware

What is known is that the malicious agent uses a binary called “xcc” which contains Mach-O files for both the Intel x86 and ARM M1 architectures, theoretically allowing it to run on both Intel Macs and Apple Silicon.

After copying the existing TCC database to avoid detection, the xcc executable creates a backdoor based on Python before collecting system information which is then sent to the malware handlers.
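To check the point above about a single binary carrying both an Intel and an ARM slice, here is an added example (not code from the article or from the Bitdefender/Elastic reports) that parses the fat Mach-O header and reports the architecture slices present; the sample headers are constructed for the demonstration, not bytes from the real xcc file.

```python
import struct

# Magic values from <mach-o/fat.h> and <mach-o/loader.h>
FAT_MAGIC = 0xCAFEBABE      # universal (fat) binary; the fat header is big-endian
MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O; header is in host byte order (little-endian)

CPU_TYPES = {
    0x01000007: "x86_64",   # CPU_TYPE_X86 | CPU_ARCH_ABI64
    0x0100000C: "arm64",    # CPU_TYPE_ARM | CPU_ARCH_ABI64
}

def _cpu_name(cputype: int) -> str:
    value = cputype & 0xFFFFFFFF
    return CPU_TYPES.get(value, f"unknown(0x{value:08x})")

def mach_o_architectures(data: bytes) -> list[str]:
    """Return the architecture slices a Mach-O image carries (one entry for a thin file)."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat_arch = struct.unpack(">I", data[4:8])[0]
        if len(data) < 8 + 20 * nfat_arch:
            raise ValueError("truncated fat header")
        archs = []
        for i in range(nfat_arch):
            off = 8 + i * 20  # each struct fat_arch is five 32-bit fields
            cputype, _subtype, _offset, _size, _align = struct.unpack(">iiIII", data[off:off + 20])
            archs.append(_cpu_name(cputype))
        return archs
    if struct.unpack("<I", data[:4])[0] == MH_MAGIC_64:
        cputype = struct.unpack("<i", data[4:8])[0]
        return [_cpu_name(cputype)]
    raise ValueError("not a fat or 64-bit Mach-O file")

def is_universal(data: bytes) -> bool:
    """True when the image has both an Intel and an Apple Silicon slice, as described for xcc."""
    return {"x86_64", "arm64"} <= set(mach_o_architectures(data))

# Constructed sample headers (not real malware bytes): a fat header with two slices, and a thin arm64 header.
def _fat_header(cputypes):
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for i, ct in enumerate(cputypes):
        hdr += struct.pack(">iiIII", ct, 0, 0x4000 * (i + 1), 0x1000, 14)
    return hdr

SAMPLE_FAT = _fat_header([0x01000007, 0x0100000C])
SAMPLE_THIN = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 0, 0, 0, 0)

if __name__ == "__main__":
    print(mach_o_architectures(SAMPLE_FAT), is_universal(SAMPLE_FAT))
```

Run against a file on disk with `mach_o_architectures(open(path, "rb").read())`; `file` and `lipo -info` give the same answer on macOS, which is a quick way to confirm the parser.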

Experts also believe that additional plug-ins and other payloads could be used to gain greater control over the infected system.

JokerSpy was spotted in late May, but it is not known how long it has actually been active. Based on the limited evidence available, it seems unlikely that the average Mac user will be faced with JokerSpy right now. Certainly, thanks to the work of the experts, it will be possible to obtain more information on this campaign in the coming weeks.

However, to reduce the potential risk, the advice is to pay attention to the sites visited and the files downloaded from them, as well as to adopt antivirus software capable of making the Mac much more secure against the many threats on the Web.
