New OS X Backdoor Can Scan Computers For Cryptocurrency Wallet Files

For the longest time, many people assumed Mac OS X was one of the most secure operating systems. But several exploits and backdoors have been uncovered in recent months, which paint a very different picture. The latest such exploit attempted to steal data from users. Although this malware is not limited to OS X, it did manage to cause some concern.

A New Threat Arrives On Mac OS X

Internet criminals are becoming craftier when it comes to releasing harmful code on the web. Although most of the attacks are targeted at Windows users, Macintosh fans are getting a lot of unwanted attention as well. A new backdoor was recently discovered which affects multiple operating systems, including OS X and Linux.

This malicious code captures audio and takes screenshots every 30 seconds. Regardless of what the user might be doing at that time, the information is logged and communicated through a server. Although this may seem rather harmless, it is a serious worry for any computer user.

But there is more, as the backdoor can also monitor removable storage, and search the entire system for Office documents. Hackers can also execute remote code through this vulnerability, although it remains unknown how far the privileges go. Adjusting what files to look for on the computer is one possibility, which may put cryptocurrency users at risk.




To make matters worse, the backdoor will create multiple copies of itself and attach to any existing caches. Services such as Skype, Dropbox, Firefox, and Google are among the potential targets. Once this step has been completed, the backdoor will create a remote connection to the command and control server using AES-256 encryption.

For the time being, it remains unclear how much damage was done through this malware. It is possible no harmful data has been captured, although having things screenshotted in the background is rather invasive. While OS X is still less prone to vulnerabilities than Windows, criminals are no longer putting all of their eggs in the Microsoft basket.


  • Johan Niklasson

    OK, but what can one do to find out if one’s computer is infected and how can one get rid of the code if it is?

    • That’s the most pressing question! I’m not sure why the article didn’t include that information.

  • goofybottom

    The fact that they don’t mention the virus name, or link to a reputable source that would further explain how to identify and protect yourself (if possible) makes this article useless.

  • Frits Grootendorst

    Format your computer with a new factory install, don’t install/click on crap or stuff you don’t trust, use a good virus scan and a VPN