Crypto Attacks Targeted at Mac Owners

Colin Baseman

Hackers never seem to give up on their attempts to attack users. They are interested in the crypto community, where they find plenty of people to victimize. Crypto analysts are warning participants about these hackers and report that new Trojan attacks are now targeting Mac owners.

At present, they are actively employing numerous illegal schemes to steal crypto funds. According to several trustworthy news reports, specialists have discovered a new Trojan. This malware is mainly targeted at individuals dealing with cryptocurrencies. Most of those users run dedicated trading applications on macOS.

Active participants have recently learned about the so-called GMERA, a piece of malware behind the newly launched Trojan attack. Hackers target people who trade crypto and perform their crypto operations using trading services on Apple's macOS. ESET, one of the most prominent security firms, found and reported that the malware is integrated into various crypto trading applications that look perfectly legitimate, which helps the criminals steal funds from traders' wallets.

Researchers at another cybersecurity brand, Trend Micro, were the first to discover the malware almost one year ago. Back then, the scheme was posing as an investment application. Many Mac users trusted it and were not suspicious of the product. The team found that the malware's developers and operators had succeeded in integrating the app into the original OS trading service, Kattana.

Resolving Issues and Fighting the Malware

Criminals have made a few copies of the firm's official website and are currently promoting four fresh apps. Users have encountered Cupatrade and Cointrazer, both of which are delivered with the new malware. There are also Trezarus, which is infected, and Licatrade, the other copycat version. All of these websites are fake, and each has a download button that links to an archive containing the fake version of the application.

According to professionals, all of these apps fully support the functionality that trading usually involves. To someone who is not familiar with Kattana, the website does not look suspicious, and many believe it is legitimate and trustworthy. There is also evidence that the criminals have been getting in touch with their victims directly: they used social engineering on them and offered the app infected with the malware for download.

Specialists are now analyzing the malware. They sampled and studied Licatrade, since this version was slightly different from the rest of the apps. However, they note that all of them have similar functions and features. When a user installs the app on a device, it gives the criminals access to the victim's system.

Next, a shell script lets the hackers set up C&C servers between the two systems. Such servers help attackers stay in contact with the infected, compromised device. Findings show that the newly launched malware steals various important information and personal data. As a rule, the hackers go after user names and crypto accounts.

They look for details related to people's wallets, their location, and other private information. Engineers reported the problem to the company, and the documents that the hackers had obtained from the brand were instantly revoked. Specialists warn users against downloading suspicious applications and ask people to pay attention to the sources they use to perform trading operations online.