Researchers at cybersecurity company ESET have identified malware masquerading as cryptocurrency trading applications and distributed among macOS users.
twitter.com
Attackers copied the interface of the Kattana trading platform. On the fake pages, they offered to download cryptocurrency trading applications that actually contained malware.
“So far, it has not been possible to determine exactly how these trojanized applications are distributed. Probably, social engineering methods are applied to the victims: on the fake sites there is a download button with a link to the ZIP archive, which contains the trojanized application, ”the ESET press service said.
Representatives of the platform warned of services imitating Kattana back in the spring.
twitter.com
The fraudulent applications worked under the brands Cointrazer, Cupatrade, Licatrade, Trezarus and contained the GMERA Trojan. At the same time, they fully supported trading functions, so it was difficult for users to recognize the fraud.
After installing the applications, hackers gained access to user systems, personal data, location information, cryptocurrency wallets and take screenshots.
Last year, Trend Micro researchers wrote about GMERA . Then the trojan spread under the guise of an application for investment in the stock market Stockfolio.
ESET analyzed the operation of fraudulent applications using one of them, Licatrade. Apple revoked the certificate issued by Licatrade earlier, on the same day that the specialists reported the problem.