Hackers use Pirated Apps to Hack macOS Machine & Install Malware

Beware! Your free download from the torrent sea might come with a hidden price: backdoor malware. 

Researchers at Kaspersky have discovered a widespread macOS malware targeting users who download cracked copies of popular software

This insidious campaign is dubbed macOS.Bkdr.Activator silently infects users through cracked versions of popular software. 

The selection of software titles being focused on encompasses a wide range of applications specifically designed for business and productivity purposes, which could potentially be highly appealing and useful in various workplace environments.

Let’s delve into its chilling tactics published by SentinelOne

Stage 1: The malware hides within seemingly legitimate cracked apps like 4K Video Downloader and iTubeGo. 

Unaware users download the infected bundle containing:

• “Uncracked” App: This decoy lulls you into thinking it’s unusable, prompting you to run the “Activator.”
• Activator App: This seemingly helpful tool holds the real threat.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Run Free Threat Scan

Stage 2: Activating the Backdoor

The Activator app, disguised as a savior, requests your administrator password. 

Don’t grant it! This password unlocks its true agenda:

• Disabling Gatekeeper: This macOS security shield gets bypassed, allowing any app to run.
• Installing Python: If absent, it sets up a tool for further mischief.
• Killing Notification Center: Silencing potential warnings about its actions.
• Installing a LaunchAgent: This persistent malware ensures its survival on your system.

Stage 3: Reaching Out to the Dark Side

The malware isn’t alone. It:

• Contacts a Remote Server: It retrieves instructions and potentially additional malware.
• Checks for Past Infections: It avoids redundant actions if already established.
• Executes Downloaded Scripts: These scripts could do anything from stealing data to turning your Mac into a bot.

“The campaign is ongoing and we continue to track and identify new malicious samples. When the policy is set to ‘Protect’, the SentinelOne agent blocks execution of malicious samples,” reads the report.

Follow us on LinkedIn for the latest cybersecurity news, whitepapers, infographics, and more. Stay informed and up-to-date with the latest trends in cybersecurity.