Mac users are being targeted again with dangerous malware - here's what to know

(Image credit: Shutterstock / BeeBright)

Hackers are tricking macOS users into becoming a part of a proxy botnet by offering them pirated commercial software, researchers have revealed

A new Kaspersky report has uncovered dozens of premium programs being offered for free online - but bundled with the installation files are proxy trojan installers malware

In total, Kaspersky uncovered 35 programs, including image editing software, video compression and editing programs, data recovery and network scanning tools, and more, all being offered in PKG format instead of the standard disc image format.

Elevated privileges

The most popular software, the researchers added, include:

  • 4K Video Donwloader Pro
  • Aissessoft Mac Data Recovery
  • Aiseesoft Mac Video Converter Ultimate
  • AnyMP4 Android Data Recovery for Mac
  • Downie 4
  • FonePaw Data Recovery
  • Sketch
  • Wondershare UniConverter 13
  • SQLPro Studio
  • Artstudio Pro

The PKG format allows all bundled scripts to execute with the same, elevated permissions. This means that the trojan is granted permission to modify files, autorun apps, and execute commands. 

Proxy trojans work by assimilating compromised endpoints into a network. The bandwidth these endpoints have is then offered on the dark web to other hackers, who use it to stay anonymous while performing different illegal tasks online, such as hacking, phishing, and illicit goods transactions.

While this particular campaign seems to be targeting macOS users, Kaspersky’s researchers have reason to believe that this threat actor targets other operating systems as well, just with a different installer.

Less than a month ago, cybersecurity researchers at BitSight discovered a major proxy botnet encompassing more than 10,000 infected devices. The proxy botnet is called Socks5Systemz, and its operators used two separate loaders, PrivateLoader and Amadey, to infect the endpoints.

The loaders were usually distributed via phishing, different exploit kits, malicious ads, fake programs, cracks, keygens, and similar. Operators can then sell access to these devices to subscribers, who pay anywhere between $1 and $140 to access them and reroute their traffic.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.