OneKey: How Can the Latest Mac Trojan Steal Your Crypto Wallet in 10 Seconds?
It’s commonly said in the crypto world that Apple computers are safer than Windows systems, but nothing is completely secure. Recently, a video posted by SlowMist team member @im23pds sparked heated discussions. In the video, after a Mac installed a DMG package, the hacker’s server obtained various account permissions and wallet private key files from the computer in just ten seconds — completely compromising the system. This article will explain how the attack happened and provide three crucial recommendations you must know.

How exactly does the attack happen?

1. Bypassed Apple’s Official Review

It’s easy to guess that the attack begins with a typical phishing tactic: tricking the user into thinking they are installing legitimate software when in fact it is a trojan. Windows faces similar risks. In most cases, installing software from the Apple Store is safe because Apple has a stringent review process and the system’s access is tightly restricted, minimizing the chance of malicious activity. However, many users are in the habit of installing software from outside the Apple Store, ignoring warnings about “unknown programs.” In this case, the user installs an unknown program directly.

2. Obtained the Mac’s Admin Password

This admin password is also your lock-screen password, and having it grants system permissions. Once an application gets this password, it can make system-level changes (such as modifying system configuration or accessing protected system folders). Keep in mind that most legitimate apps do not require admin permissions. This malicious program craftily pops up a window saying, “Enter your unlock password to install.” Those unfamiliar with macOS security can fall for this. Once the password is entered, the malicious program is free to cause harm.

3. A Full Auto Sweep

Next comes the swift part: within seconds, the malware scans and uploads sensitive files such as browser cookies, auto-fill data, saved passwords, and the encrypted local files in which wallets (e.g., MetaMask) store seed phrases. It can even access passwords saved in iCloud. According to SlowMist’s @evilcos, the attack generally aims to:

a. Extract encrypted local seed phrases from wallets and upload them. Some passwords can be decrypted locally, while others are sent to the hacker to be cracked later. Some people find their assets stolen days later. If the target wallet has a small balance, the hacker might wait to steal when it grows. Even if you use a complex password to protect MetaMask, if your wallet is ever unlocked, the hacker can steal your private key in the background.

b. Steal account permissions stored in browser cookies. For example, X accounts or exchange accounts can be hijacked to send malicious messages or transfer tokens.

c. Compromise Telegram, Discord, etc., to send malicious messages.

How to Prevent It? Three Essential Tips to Thwart Hackers

1. Don’t Ignore the Risks of Installing Unknown Apps on Your Crypto Computer

First, be extremely cautious when someone asks you to install an app, especially if it’s disguised as a project-related app or game. These are often trojan scams.

Second, if you have poor security habits — installing third-party software recklessly, without the ability to identify malware or to use a virtual sandbox environment — then don’t use that computer for crypto transactions. At the very least, install antivirus software. Moreover, third-party software may only be temporarily safe: that doesn’t mean future updates or DMG packages will remain secure.

Lastly, never give an unknown program your admin password.

2. Use a Hardware Wallet to Isolate Your Private Key!

Diversifying risk is crucial. Make sure you aren’t at risk of losing everything to a single attack. Only keep a small amount of assets in hot wallets like MetaMask, which you can access as needed. The risk with hot wallets is that your private key is generated, stored, encrypted, and used for signing on the same online device. If malware accesses your private key file or a hacker takes control, all assets could be stolen at once.

Therefore, it’s recommended to use one or even multiple multi-signature hardware wallets to store most of your assets. Mainstream hardware wallets like OneKey (ours), Ledger, Trezor, and others are designed to ensure your private key is generated, stored, and used for signing in offline, encrypted hardware, transmitting only the necessary information during the signing process. This keeps your private key completely off your computer, reducing the risk of it being compromised by hackers.

3. Use the Web Version of Exchanges and Avoid Saving Login Information

Web-based exchanges are generally less secure than mobile apps, so always log out after using them. Many people choose to save their passwords and login details for convenience. However, this can make it easy for attackers to access your exchange accounts if the device is compromised. Although most people set up 2FA, there are still ways around it. There have been cases where malicious Chrome extensions stole cookies and manipulated trades to move funds to the hackers through low-buy, high-sell operations.

Lastly

The best defense is always vigilance — prevention is better than cure. Phishing has become an industrialized and automated process, with clear divisions of labor and profit-sharing. Once assets are transferred and laundered by a professional hacker group, they are often irretrievable! It’s best not to give hackers any opportunity at all.
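The "full auto sweep" in step 3 has a recognisable shape on the endpoint: one freshly launched process reading several unrelated credential stores within seconds. The detector below is an added example, not code from SlowMist or the article's authors; it flags that pattern over file-read events. The event format, the process name "InstallHelper" and the sample lines are constructed for this example, while the store paths are the macOS defaults for Chrome and the login keychain.

```python
import re
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 10  # the article's "ten seconds"
THRESHOLD = 3        # distinct stores one process must touch to raise an alert
# Stores named in the article (macOS default paths) and the process that owns
# each one; a read by any other process counts as a "foreign" access.
STORES = [
    ("browser_cookies",   "Chrome/Default/Cookies",                  "Google Chrome"),
    ("browser_logins",    "Chrome/Default/Login Data",               "Google Chrome"),
    ("extension_storage", "Chrome/Default/Local Extension Settings", "Google Chrome"),  # MetaMask vault
    ("keychain",          "/Library/Keychains/",                     "securityd"),
]
# Constructed event format: <ISO time> pid=<n> proc="<name>" path=<file read>
LINE_RE = re.compile(r'^(\S+) pid=(\d+) proc="([^"]*)" path=(.+)$')

def foreign_access(proc, path):
    """Return the store category if proc is not the owner of path, else None."""
    for category, marker, owner in STORES:
        if marker in path:
            return None if proc == owner else category
    return None

def detect_sweeps(lines):
    """Map (pid, proc) to sorted categories for processes reading >= THRESHOLD foreign stores within WINDOW_SECONDS."""
    by_proc = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        category = m and foreign_access(m.group(3), m.group(4))
        if category:
            by_proc[(int(m.group(2)), m.group(3))].append((datetime.fromisoformat(m.group(1)), category))
    alerts = {}
    for key, events in by_proc.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide a window starting at each read
            cats = {c for t, c in events[i:] if (t - start).total_seconds() <= WINDOW_SECONDS}
            if len(cats) >= THRESHOLD:
                alerts[key] = sorted(cats)
                break
    return alerts

# Constructed sample: Chrome reading its own cookies (benign, owner matches), then a dropped "InstallHelper" sweeping four stores in five seconds.
SAMPLE_LOG = """\
2024-11-05T10:21:00 pid=812 proc="Google Chrome" path=/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies
2024-11-05T10:21:03 pid=4412 proc="InstallHelper" path=/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies
2024-11-05T10:21:04 pid=4412 proc="InstallHelper" path=/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data
2024-11-05T10:21:06 pid=4412 proc="InstallHelper" path=/Users/alice/Library/Application Support/Google/Chrome/Default/Local Extension Settings/EXTENSION_ID/000003.log
2024-11-05T10:21:08 pid=4412 proc="InstallHelper" path=/Users/alice/Library/Keychains/login.keychain-db
"""
```

Calling `detect_sweeps(SAMPLE_LOG.splitlines())` reports only pid 4412 with all four store categories; Chrome's read of its own cookie database is ignored because the owner matches. The owner list is the knob to tune: add each wallet app or password manager you actually run so it is not treated as a foreign reader.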