New Trojan Attack Targets Mac Users to Steal Cryptocurrency

Published at: July 16, 2020

A new trojan attack using malware called GMERA is targeting cryptocurrency traders who use trading applications on Apple’s macOS.

The internet security company ESET found that the malware comes integrated into legitimate-looking cryptocurrency trading applications and tries to steal users’ crypto funds from their wallets.

Researchers at another cybersecurity firm, Trend Micro, first discovered the GMERA malware in September 2019, when it was posing as the Mac-specific stock investment application Stockfolio.

Copying the actual applications

ESET found that the malware operators have integrated GMERA into the original macOS cryptocurrency trading application Kattana. They have also copied the company's website and are promoting four new copycat applications — Cointrazer, Cupatrade, Licatrade and Trezarus — that come packed with the malware.

The fake websites have a download button which is linked to a ZIP archive containing the trojanized version of the app. According to ESET, these applications have full support for trading functionalities. 

“For a person who doesn’t know Kattana, the websites do look legitimate,” wrote the researchers.

The researchers also said that the perpetrators have been directly contacting their targets and “socially engineering them” to download the infected application. 

The malware in a nutshell

To analyze the malware, ESET researchers tested samples from Licatrade, which they said has minor differences compared to the malware on other applications but still functions the same way. 

The trojan installs a shell script on the victim’s computer that gives the operators access to the user’s system through the application. The shell script then lets the attackers establish command-and-control (also called C&C or C2) communication over HTTP between their servers and the victim’s system. This C2 channel lets them communicate consistently with the compromised machine.

According to the findings, the GMERA malware steals information such as user names, cryptocurrency wallets, location and screen captures from the users’ system. 

ESET, however, said it had reported the issue to Apple, and the certificate issued by the company to Licatrade was revoked the same day. The researchers added that the other two certificates used for different applications had already been revoked by the time they began their analyses.
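
A triage check for a Mac, given as an added example that is not from ESET or the original article: it looks for app bundles carrying the four copycat names listed above and asks macOS's codesign tool whether each bundle's signing certificate has been revoked. The function names and the choice of directories to scan are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage for the copycat apps named in the article.
# A name match is only a lead; the signature check is what supports a verdict.
COPYCAT_NAMES="Cointrazer Cupatrade Licatrade Trezarus"

# List *.app bundles (case-insensitive name match) under each given directory.
find_copycat_apps() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $COPYCAT_NAMES; do
            find "$dir" -maxdepth 3 -type d -iname "${name}*.app" 2>/dev/null
        done
    done
}

# Map codesign's exit status and message text to a short verdict.
classify_codesign() {
    rc="$1"; out="$2"
    case "$out" in
        *CSSMERR_TP_CERT_REVOKED*) echo "revoked" ;;   # signing certificate revoked
        *"not signed at all"*)     echo "unsigned" ;;
        *) if [ "$rc" -eq 0 ]; then echo "valid"; else echo "invalid"; fi ;;
    esac
}

# Run codesign on one bundle; report "unchecked" when the tool is absent (not macOS).
signature_status() {
    if ! command -v codesign >/dev/null 2>&1; then
        echo "unchecked"; return 0
    fi
    out=$(codesign --verify --deep --strict --verbose=2 "$1" 2>&1) && rc=0 || rc=$?
    classify_codesign "$rc" "$out"
}

# Print "<verdict><TAB><path>" for every matching bundle.
scan() {
    find_copycat_apps "$@" | while IFS= read -r app; do
        printf '%s\t%s\n' "$(signature_status "$app")" "$app"
    done
}

# Scan only when directories are passed on the command line.
if [ "$#" -gt 0 ]; then scan "$@"; fi
```

Run it with the directories to inspect as arguments, for example /Applications and the user's Downloads folder. A "valid" verdict on a bundle with one of these names still warrants investigation, because the apps carried Apple-issued certificates until they were revoked.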
