High-value crypto asset theft sought by novel notnullOSX macOS malware

Attacks with the nascent notnullOSX malware for macOS have been targeting cryptocurrency wallets holding over $10,000 in Taiwan, Vietnam, and Spain as part of a ClickFix campaign identified on Mar. 30, reports HackRead.

Threat actors have used either a fraudulent protected Google Document citing an outdated Google API Connector or an illicit WallSpace app promoted through a hacked YouTube channel to lure recipients into copying and executing a command in the macOS Terminal, which downloads notnullOSX and secures total disk access for it, according to Moonlock Lab researchers.

notnullOSX then deploys multiple modules, the most concerning of which is ReplaceApp, which replaces the Trezor or Ledger Live hardware wallet apps with counterfeit versions to facilitate real-time exfiltration of secret seed phrases. Behind the development of notnullOSX is the threat actor 0xFFF, also known as alh1mik, who published the macOS malware earlier this year to rejoin a major hacking forum he had quit three years earlier.
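Because ReplaceApp is reported to swap the genuine wallet apps for counterfeit copies, one defender-side check is to confirm that the installed bundles still carry the vendor's Apple Developer Team ID. The script below is an added example, not code from the article or from Moonlock Lab; the Team ID value is a placeholder to be recorded from a known-good install, and the sample `codesign` output is constructed.

```shell
#!/bin/sh
# Added example (not from the article): integrity check for wallet apps that
# notnullOSX's ReplaceApp module is reported to replace with counterfeits.
# A counterfeit bundle cannot carry the vendor's Apple Developer Team ID, so
# comparing the TeamIdentifier that `codesign -dvv` reports against a
# known-good value flags a replaced app. PLACEHOLDERTEAM is an assumed
# placeholder; record the real ID from a clean install with:
#   codesign -dvv "/Applications/Ledger Live.app" 2>&1 | grep TeamIdentifier

# Pull the TeamIdentifier field out of `codesign -dvv` output read from stdin.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Classify an observed Team ID against the expected one. Prints OK, UNSIGNED
# or TAMPERED and returns 0 only for a match, so it can drive alerting.
check_team_id() {
    expected="$1"
    observed="$2"
    if [ -z "$observed" ] || [ "$observed" = "not set" ]; then
        echo "UNSIGNED"
        return 2
    elif [ "$observed" = "$expected" ]; then
        echo "OK"
        return 0
    else
        echo "TAMPERED"
        return 1
    fi
}

# Check an installed bundle on a Mac (needs codesign, so macOS only).
check_app() {
    app="$1"
    expected="$2"
    observed=$(codesign -dvv "$app" 2>&1 | team_id_from_codesign)
    printf '%s: ' "$app"
    check_team_id "$expected" "$observed"
}

# Constructed sample in the shape `codesign -dvv` prints, so the parser can be
# exercised off a Mac. Identifier and Team ID are placeholders, not real values.
SAMPLE_SIGNED='Executable=/Applications/Ledger Live.app/Contents/MacOS/Ledger Live
Identifier=com.example.wallet
TeamIdentifier=PLACEHOLDERTEAM
Sealed Resources version=2 rules=13 files=42'

# Usage on macOS once the placeholder Team ID has been replaced:
#   check_app "/Applications/Ledger Live.app" PLACEHOLDERTEAM
```

Run the check from a scheduled job or an EDR script so that a bundle whose Team ID changes after install is reported as TAMPERED rather than silently trusted.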
