Trojan-Proxy Exploits Target macOS Users via Cracked Software

Cybersecurity experts have uncovered a growing threat to macOS users through a Trojan-proxy embedded within cracked applications distributed on unauthorized websites. This insidious malware not only poses significant risks to individual users but also facilitates various criminal activities, from cyber attacks to the acquisition of illegal goods.

The Malicious Tactics

Kaspersky researchers, in a detailed blog post dated December 6, have exposed the malicious intentions behind this macOS trojan-proxy. Attackers are leveraging cracked software not just for financial gains but also to establish a network of proxy servers for engaging in criminal acts. Illicit activities facilitated by this malware range from the procurement of firearms and drugs to other unlawful goods.

Unlike legitimate applications distributed as disk images, infected versions manifest as .PKG installers. These files, managed by the Installer utility in macOS, can execute scripts before and after installation. Notably, the researchers found that scripts were executed post-installation, revealing the stealthy nature of the malware.

The historical connection between illegally distributed software and malware is emphasized, with users seeking cost-free alternatives often becoming unwitting targets for cybercriminals. Kaspersky notes that individuals searching for cracked apps are more likely to download installers from questionable websites and disable security on their machines.

Implications for macOS Users

Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, has highlighted the severe security compromise faced by macOS users who unknowingly install the trojan-proxy. Users inadvertently transform their devices into nodes for illicit activities, ranging from hacking and phishing to facilitating transactions for illegal goods. The trojan’s impact extends to the network level, anonymizing cybercriminal activities by converting infected devices into proxy servers.

Guenther also underscores the trojan’s use of DNS over HTTPS (DoH) to obscure communication with command-and-control (C2), marking a significant advancement in malware stealth capabilities. This presents challenges for detecting malicious traffic, emphasizing the need for advanced network monitoring solutions.

The Vulnerability of Mac Users

Ken Dunham, Director of Cyber Threat at Qualys, emphasizes the prolonged targeting of Mac users by botnet actors. With an increasing threat landscape in 2023, he urges Mac users to adopt best practices, stay aware of current attack tactics, and prioritize security. Dunham highlights the potential long-term impact of a network exploited by a trojan-proxy, urging Mac users to exercise caution, scan installers for viruses, and check them against checksum hash values for source and code integrity.


The emergence of the macOS trojan-proxy signals a concerning trend in cyber threats targeting macOS systems. As attackers become more sophisticated, the responsibility falls on users to remain vigilant, adopt best practices, and continually adapt cybersecurity measures to thwart evolving challenges. Mac users, in particular, are urged to prioritize security and implement proactive measures against trojan-proxy threats through seemingly innocent cracked software.

Call to Action

For victims of Trojan-Proxy Exploits Targeting macOS Users Through Cracked Software, Chicago Computer Network, a leading cybersecurity and managed IT service provider in Schaumburg, Illinois, is offering a FREE 1-hour consultation to strengthen defenses and ensure a secure digital environment. Immediate action is advised to mitigate potential risks and enhance cybersecurity posture.

Related Articles