New Trojan Attack “GMERA” Targets Crypto Traders Using Trading Applications On macOS
July 17, 2020

A new trojan attack using malware, known as GMERA, is targeting cryptocurrency traders who use trading applications on Apple’s macOS.

ESET, the Internet security company, reportedly found that the malware comes integrated into legitimate-looking cryptocurrency trading applications and tries to steal users’ crypto funds from their wallets.

However, researchers at another cybersecurity firm, Trend Micro, first discovered the GMERA malware in September 2019, when it was posing as the Mac-specific stock investment application Stockfolio.

According to ESET, the malware operators have integrated GMERA into the original macOS cryptocurrency trading application Kattana. They have also copied the company’s website and are promoting four new copycat applications that come packed with the malware: Cointrazer, Cupatrade, Licatrade, and Trezarus.

The fake websites have a download button which is linked to a ZIP archive containing the trojanized version of the app.

According to ESET, these applications have full support for trading functionalities. 


The researchers wrote:

“For a person who doesn’t know Kattana, the websites do look legitimate.”

The researchers also said that the perpetrators have been directly contacting their targets and “socially engineering them” to download the infected application. 

To analyze the malware, ESET researchers tested samples from Licatrade, which they said differ slightly from the malware in the other applications but still function the same way.

As per the report, the trojan installs a shell script on the victim’s computer that gives the operators access to the user’s system through the application. The shell script then lets the attackers set up command-and-control (also called C&C or C2) communication over HTTP between their servers and the victim’s system. These C2 servers help them communicate consistently with the compromised machine.

According to the findings, the GMERA malware steals information such as user names, cryptocurrency wallets, location, and screen captures from the users’ system. 

ESET said that they had reported the issue to Apple and the certificate issued by the company to Licatrade was revoked the same day.

They added that the other two certificates, used for different applications, had already been revoked by the time they began their analysis.

Source: Cointelegraph | Image: Radware



Ishita Bora

Ishita Bora is a Senior Content Creator at Digital Notice Media Labs with an experience of 1 year. She has completed her Master's Degree in Language and Linguistics in 2019 from Gauhati University, India. Her interest lies in blockchain technology and cryptocurrency space. She loves writing about blockchain and other blockchain-related articles.