A new stealer malware has been discovered infecting Apple macOS users, targeting machines running macOS Ventura 13.6 and later. The malware is distributed through cracked software and is capable of harvesting system information and cryptocurrency wallet data. It uses booby-trapped disk image files that prompt users to move and run certain components, ultimately executing a modified executable with elevated permissions. The malware establishes contact with a command-and-control server to fetch an encrypted script, which functions as a downloader for the main payload. The backdoor, maintained and updated by the threat actor, replaces crypto wallet applications with infected versions that steal recovery phrases. Cracked software has become a common method of compromising macOS users with various types of malware.