GMERA Trojan Does It Again; Targets MacOS Users To Steal Cryptocurrencies | Cyware Alerts


Hackers are often seen using innovative techniques when attempting to target and steal from cryptocurrency wallets. A fresh campaign was observed using trojanized cryptocurrency trading software and applications to target the users of a genuine application.

GMERA malware targets cryptocurrency wallets

Recently, the GMERA malware authors were seen using a malicious version of the legitimate cryptocurrency trading application called Kattana in their latest attacks.

  • The GMERA malware authors wrapped the legitimate Kattana application into a malicious application.
  • They also created promotional websites to distribute the malicious cryptocurrency trading applications to Mac users, rebranded under fake names such as Cointrazer, Cupatrade, Licatrade, and Trezarus.
  • The operators likely contacted their targets directly and manipulated them into installing the malicious application.
  • The malware used reverse shells to exfiltrate browser cookies, browsing histories, and cryptocurrency wallet credentials.

A brief history

This malware has been attempting to compromise Mac users involved in cryptocurrency trading for over a year.

  • GMERA malware was first observed in September 2019.
  • At that time, two variants of this malware named Trojan.MacOS.GMERA.A and Trojan.MacOS.GMERA.B were masquerading as the Stockfolio trading app to steal user information.
  • Some of the script files used in the latest campaigns were very similar to the Stockfolio samples, with some updates to include additional information.

Words of caution

Users should always download applications from official sources to minimize the chances of downloading a malicious variant. Check the permissions and resources that apps request during installation, and always use a reliable anti-malware program to remove the malware or stop it from spreading further through an infected system.


