Cyber Security News

Hackers use Pirated Apps to Hack macOS Machine & Install Malware

Beware! Your free download from the torrent sea might come with a hidden price: backdoor malware. 

Researchers at Kaspersky have discovered a widespread macOS malware targeting users who download cracked copies of popular software

This insidious campaign is dubbed macOS.Bkdr.Activator silently infects users through cracked versions of popular software. 

The selection of software titles being focused on encompasses a wide range of applications specifically designed for business and productivity purposes, which could potentially be highly appealing and useful in various workplace environments.

Let’s delve into its chilling tactics published by SentinelOne

Stage 1: The malware hides within seemingly legitimate cracked apps like 4K Video Downloader and iTubeGo. 

Unaware users download the infected bundle containing:

  • “Uncracked” App: This decoy lulls you into thinking it’s unusable, prompting you to run the “Activator.”
  • Activator App: This seemingly helpful tool holds the real threat.
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Stage 2: Activating the Backdoor

The Activator app, disguised as a savior, requests your administrator password. 

Don’t grant it! This password unlocks its true agenda:

macos malware
  • Disabling Gatekeeper: This macOS security shield gets bypassed, allowing any app to run.
  • Installing Python: If absent, it sets up a tool for further mischief.
  • Killing Notification Center: Silencing potential warnings about its actions.
  • Installing a LaunchAgent: This persistent malware ensures its survival on your system.

Stage 3: Reaching Out to the Dark Side

The malware isn’t alone. It:

  • Contacts a Remote Server: It retrieves instructions and potentially additional malware.
  • Checks for Past Infections: It avoids redundant actions if already established.
  • Executes Downloaded Scripts: These scripts could do anything from stealing data to turning your Mac into a bot.

“The campaign is ongoing and we continue to track and identify new malicious samples. When the policy is set to ‘Protect’, the SentinelOne agent blocks execution of malicious samples,” reads the report.

Follow us on LinkedIn for the latest cybersecurity news, whitepapers, infographics, and more. Stay informed and up-to-date with the latest trends in cybersecurity.


Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Palo Alto Networks PAN-OS Zero-day Under Active Attack

In a recent security alert, Palo Alto Networks has disclosed a critical vulnerability within its…

9 hours ago

DuckDuckGo Launches Privacy Pro : 3-In-1 Service With VPN

DuckDuckGo is a search engine that takes users' privacy seriously. It does not track or…

10 hours ago

Wiz to Acquire Gem Security for $350M to Address Cloud Security

Wiz, a leading cloud security company, has announced its acquisition of Gem Security for $350…

15 hours ago

Critical Bitdefender Vulnerabilities Let Attackers Gain Control Over System

Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux, and Endpoint Security for…

15 hours ago

Ukrainian Hackers Hijacked 87,000 Sensors to Shut down Sewage System

Ukrainian hackers have successfully infiltrated and disabled a vast network of industrial sensors and monitoring…

16 hours ago

Zscaler Acquires Airgap Networks to Enhance Zero Trust SASE

Zscaler has announced the acquisition of Airgap Networks, a company renowned for its agentless segmentation…

18 hours ago