A new macOS malware, dubbed Reaper, is targeting cryptocurrency wallet data by exploiting fake download pages for popular apps like WeChat and Miro. The malware hijacks the macOS script editor using AppleScript URLs, embedding malicious code disguised with ASCII art and spaces. Once activated, it prompts users with a fake Apple security update to obtain their computer passwords.
Reaper specifically targets desktop crypto applications such as Ledger Live, Trezor Suite, and Exodus, altering their internal code to intercept and redirect transactions. It also extracts stored credentials from browsers like Chrome, Firefox, and Edge, and retrieves sensitive files from desktop and document folders. Additionally, Reaper installs a backdoor masquerading as a Google software update to maintain persistent access. Security experts urge users to verify download sources and avoid entering passwords in unexpected prompts.
Reaper Malware Targets macOS Users to Steal Crypto Wallet Data
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.