GMERA Malware Hidden in Mac Cryptocurrency Trading App
A fake cryptocurrency app is being used to spread malware to Mac users. If infected, the malware can steal web browser data and the victim’s cryptocurrency wallet information. The malware can also take screenshots and send them to the threat actors behind the attack.
“This time, however, not only did the malware authors wrap the original, legitimate application to include malware; they also rebranded the Kattana trading application with new names and copied its original website,” according to a report by cyber security researchers at ESET.
It is believed that the malware campaign was launched on April 15.
GMERA malware is hidden inside fake cryptocurrency trading apps that impersonate legitimate apps produced by Kattana. The attackers have developed Trojanized versions of four spoofed Kattana apps – Cointrazer, Cupatrade, Licatrade, and Trezarus. They have also created matching websites to trick users. The report goes on to state that the researchers have not yet figured out how the fake apps are being delivered to victims. It seems that the malware is spread through social engineering.
GMERA Malware
GMERA malware has been in circulation since 2019. When the malware was first discovered by TrendMicro it spoofed a legitimate Mac trading app, called Stockfolio and stole personal data. This time the malware is stealing web browser information from the infected devices including cookies and history. It appears it is also attempting to steal Cryptocurrency wallets.
What is Malware?
Malware is any unwanted computer program, script, app, or computer code on a device. Malware can infect computers and laptops as well as mobile devices. There are many types of malware and threat actors who use them to steal money and information. Malware includes ransomware, spyware, Trojans, worms, and computer viruses.
A defense against malware is to use a reliable malware application that is downloaded and enabled before it is needed. If a device is locked up by ransomware the user may not be able to download any apps to help mitigate the attack. Quality anti-malware apps are kept up to date with the latest information on malicious cyber attacks.
Depending on the type of malware deployed by threat actors, internet users may lose access to their files or information. Spyware may steal login information to valuable online accounts like credit cards. It may even steal sensitive data from your employer’s network. Once malware infects a device, it often attempts to move across the network the device is connected to so it can inflict more damage on as many devices as possible
