The program also launches the Exodus installation as a decoy, leading users to believe it is legitimate while diverting their attention from its true purpose. Analysts noted that the hackers used new DLL side-loading techniques to evade detection.
It remains unclear how extensive the attack is, but according to Cyble it appears to be focused on Chinese crypto investors and companies and relies on Chinese-language installers.