The internet security firm ESET has discovered a new trojan attack targeting crypto traders who use Apple's macOS.
According to the findings, the malware targets crypto wallets and is bundled into fake digital asset trading apps that can easily be confused with the legitimate platforms.
Dubbed 'GMERA', this is not the first time the malware has been used. Researchers from Trend Micro, another cyber security firm, came across it back in September 2019, when it posed as Stockfolio, a stock investment app built for the Mac.
Upon digging deeper, ESET researchers found that GMERA operators had integrated the malware into the macOS Kattana crypto trading application. They then created a replica of the firm's website to promote four new copycat apps, namely: Trezarus, Licatrade, Cupatrade, and Cointrazer. Notably, these malicious apps direct users to a ZIP archive containing the trojanized versions, which in turn target crypto wallets once downloaded.
The researchers went on to highlight that anyone who is not very familiar with Kattana's website can, therefore, easily be compromised:
“For a person who doesn’t know Kattana, the websites do look legitimate.”
The GMERA Malware
To fully understand how it works, ESET researchers analyzed samples from Licatrade, whose functionality is very similar to that of the other copycat apps. As per the findings, GMERA installs a shell script on the target's computer, giving the hackers access to the user's system through the app.
They then use HTTP to communicate with their command-and-control (C&C, or C2) servers, establishing a channel between themselves and the compromised machine. In doing so, they can steal information such as location, crypto wallets, and screen captures stored in the user's database. Following these findings, ESET raised the issue with Apple, leading to the revocation of Licatrade's certificate.