A new Trojan attack is the latest item in Bitcoin scam news: malware called GMERA, designed to steal cryptocurrency from macOS users, is targeting traders who use cryptocurrency trading applications on Apple's macOS operating system.
According to reports from the Internet security company ESET, the malware comes bundled into legitimate-looking cryptocurrency trading applications and tries to steal users' crypto funds directly from their wallets.
Researchers from another cybersecurity firm, Trend Micro, first discovered the GMERA malware in September 2019, when it was posing as the Mac stock investment application Stockfolio.
In reports now circulating widely in crypto news, ESET says it found malware operations that integrated GMERA into the original macOS cryptocurrency trading application Kattana. The operators also copied the company's website and are actively promoting the copycat applications, which include Cointrazer, Cupatrade, Licatrade and Trezarus, all of which come packed with the malware.
These fake websites have a download button linked to a ZIP archive containing the trojanized version of the app, and they offer full support for trading functionality. The researchers noted:
“For a person who doesn’t know Kattana, the websites do look legitimate,” adding that the attackers contact their targets directly, “socially engineering them” into downloading the infected application.
To analyze the malware, the ESET research team took samples from Licatrade, which according to them has minor differences from the malware in the other applications but still functions in the same way.
The new Trojan works by installing a shell script on the victim's computer, which gives the operators full access to the user's system. The shell script opens a command-and-control channel (C&C, also called C2) over HTTP between the attackers' servers and the victim's system, and the C2 servers let them communicate continuously with the compromised machines.
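The two behaviours described above, a shell script launched from inside an application bundle and a process that keeps calling home over plain HTTP, are the kind of thing an endpoint-log triage rule can surface. The following Python script is an added example written for this article; it is not ESET's tooling and not code from the GMERA samples. The log format, the `/Applications/TradingApp.app` bundle name, the PIDs and the 198.51.100.10 / 203.0.113.x addresses are all constructed placeholders, and the rule thresholds are assumptions.

```python
"""Triage constructed macOS endpoint log lines for two behaviours the
article attributes to GMERA: a shell script run from inside an app bundle,
and regular plain-HTTP beaconing from one process to one destination.

Added example, not from the article or from ESET. Every log line, path,
PID and address below is constructed for illustration.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry (exec and connect events). Argument values
# contain no spaces, which the simple key=value parser below relies on.
SAMPLE_LOG = """\
2020-07-16T10:00:00 exec pid=501 ppid=1 path=/Applications/TradingApp.app/Contents/MacOS/TradingApp
2020-07-16T10:00:02 exec pid=502 ppid=501 path=/bin/sh args=/Applications/TradingApp.app/Contents/Resources/helper.sh
2020-07-16T10:00:05 connect pid=502 proto=http dst=198.51.100.10:80
2020-07-16T10:01:05 connect pid=502 proto=http dst=198.51.100.10:80
2020-07-16T10:02:04 connect pid=502 proto=http dst=198.51.100.10:80
2020-07-16T10:03:06 connect pid=502 proto=http dst=198.51.100.10:80
2020-07-16T10:00:10 exec pid=610 ppid=1 path=/Applications/Safari.app/Contents/MacOS/Safari
2020-07-16T10:00:11 connect pid=610 proto=https dst=203.0.113.5:443
2020-07-16T10:00:40 connect pid=610 proto=https dst=203.0.113.7:443
2020-07-16T10:05:00 exec pid=700 ppid=1 path=/bin/bash args=/Users/alice/scripts/backup.sh
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>exec|connect) (?P<rest>.*)$")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
APP_BUNDLE_RE = re.compile(r"^/Applications/[^/]+\.app/")


def parse_log(text):
    """Parse the constructed log format into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
        fields["ts"] = datetime.fromisoformat(m.group("ts"))
        fields["event"] = m.group("event")
        events.append(fields)
    return events


def find_bundle_shell_scripts(events):
    """Rule 1: a shell interpreter whose script argument lives inside an app
    bundle, or whose parent process is an app bundle executable."""
    procs = {e["pid"]: e for e in events if e["event"] == "exec"}
    findings = []
    for pid, e in procs.items():
        if e.get("path") not in SHELLS:
            continue
        script = e.get("args", "")
        parent_path = procs.get(e.get("ppid"), {}).get("path", "")
        if APP_BUNDLE_RE.match(script) or APP_BUNDLE_RE.match(parent_path):
            findings.append((pid, script))
    return findings


def find_http_beacons(events, min_hits=3, max_jitter=0.25):
    """Rule 2: repeated plain-HTTP connections from one process to one
    destination at near-constant intervals. The interval regularity is
    measured as the coefficient of variation of the gaps between connects;
    the thresholds are assumed values, not figures from the article."""
    by_key = defaultdict(list)
    for e in events:
        if e["event"] == "connect" and e.get("proto") == "http":
            by_key[(e["pid"], e["dst"])].append(e["ts"])
    findings = []
    for (pid, dst), stamps in by_key.items():
        stamps.sort()
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_jitter:
            findings.append((pid, dst, round(mean, 1)))
    return findings


def triage(text):
    """Run both rules over a log text and return the findings per rule."""
    events = parse_log(text)
    return {
        "bundle_shell_scripts": find_bundle_shell_scripts(events),
        "http_beacons": find_http_beacons(events),
    }


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule, hits)
```

On the constructed input, rule 1 flags PID 502 (a `/bin/sh` running a script stored inside the app bundle) and rule 2 flags the same PID for four HTTP connections to one host roughly a minute apart; the browser's HTTPS traffic and the user's own backup script are left alone. Real telemetry would come from something like the unified log or an EDR agent, and the thresholds should be tuned against a baseline of benign traffic before use.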
The findings show that GMERA steals information such as user names, crypto wallets, location and screen captures from the user's system. ESET also said it reported the issue, and the certificate the malware uses, directly to Apple.