JAKARTA - Kaspersky has identified a state-of-the-art proxy Trojan designed to infiltrate macOS operating systems, which are distributed through the official crack (piracy) version of software distribution.

The global cybersecurity company said the latest cyber threat poses a serious risk for users looking for alternative ways to gain the app.

This Trojan proxy operates disguised as a legitimate program during installation. Once infiltrated into the user system, the system secretly creates a secret proxy server, thus allowing attackers to change the network traffic route via compromised devices.

Expert analysis reveals the use of DNS-over-HTTPS (DoH) by Trojans in WindowServer files, hiding communications with Command and Control (C&C) servers. This protocol protects DNS demand, enhances its hidden capabilities.

In addition, Trojans make connections with C&C servers using the WebSocket protocol. The use of this WebSocket then allows Trojans to receive real-time commands from attackers, so they are able to adapt to changing circumstances and avoid detection more effectively.

In addition to the macOS app, researchers also identified several samples designed for Android and Windows platforms. This version also serves as a Trojan proxy, distributed alongside pirated software.

Cybercriminals have historically exploited users looking for free software through malware-laden cracked versions. Our new findings underscore this threat, especially considering Trojan proxies show advanced ability to hide their activities, "said Sergey Puzan, security researcher at Kaspersky.

So, to protect against trojan, Suzan appealed to macOS users to have to rely on strong and careful security software when downloading stay with official sources, avoid hacked software.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)