New Trojan Attack Targets Mac Users to Steal Cryptocurrency

CoinTelegraph

A new trojan attack using malware called GMERA is targeting cryptocurrency traders who use trading applications on Apple’s macOS.

The internet security company ESET found that the malware comes integrated into legitimate-looking cryptocurrency trading applications and tries to steal users’ crypto funds from their wallets.

Researchers at another cybersecurity firm, Trend Micro, first discovered the GMERA malware in September 2019, when it was posing as the Mac-specific stock investment application Stockfolio.


Copying the actual applications

ESET found that the malware operators have integrated GMERA into the original macOS cryptocurrency trading application Kattana. They have also copied the company's website and are promoting four new copycat applications (Cointrazer, Cupatrade, Licatrade and Trezarus) that come packed with the malware.

The fake websites have a download button which is linked to a ZIP archive containing the trojanized version of the app. According to ESET, these applications have full support for trading functionalities. 

“For a person who doesn’t know Kattana, the websites do look legitimate,” wrote the researchers.

The researchers also said that the perpetrators have been directly contacting their targets and “socially engineering them” to download the infected application. 

The malware in a nutshell

To analyze the malware, ESET researchers tested samples from Licatrade, which they said has minor differences compared to the malware on other applications but still functions the same way. 


The trojan installs a shell script on the victim’s computer that gives the operators access to the user’s system through the application. The shell script then lets the attackers set up command-and-control (also called C&C or C2) communication over HTTP between their servers and the victim’s system. These C2 servers help them consistently communicate with the compromised machine.

According to the findings, the GMERA malware steals information such as user names, cryptocurrency wallets, location and screen captures from the user’s system.

ESET, however, said it had reported the issue to Apple, and the certificate issued by the company to Licatrade was revoked the same day. The researchers added that the other two certificates used for different applications had already been revoked by the time they began their analyses.

Author: Mohammad Musharraf

