Trojans hide in Mac software

Eset_News


ESET researchers analyze malware in trading programs for cryptocurrencies

The notion that Mac users are not targeted by malware attacks and cyber criminals has long been considered an old wives' tale among experts. ESET researchers have once again uncovered and analyzed cybercrime activity targeting the macOS operating system. The Slovak IT security experts discovered manipulated crypto trading software on fake provider websites. The programs are all clones of a legitimate application that the malware distributors bundled with the GMERA malware. To do this, the criminals misused the well-known Kattana trading software, renamed it and integrated the malware into its installer. In addition, the perpetrators copied the manufacturer's website in order to trick visitors into installing the manipulated, malicious application. So far, ESET researchers have discovered four copies of the trading software on the Internet, which were sold under the following names: Cointrazer, Cupatrade, Licatrade and Trezarus.

"The malware reports to a Command & Control server via HTTP and creates a remote terminal session with another C&C server via a hard-coded IP address," said ESET researcher Marc-Etienne M. Léveillé, who led the investigation. "The goal of the criminals is to collect sensitive user data, such as browser data, crypto wallets and desktop screenshots."

Almost identical copy of software and website

The cyber criminals copied and renamed Kattana's website and trading software. As a rule, only the logo was changed on the websites. It is still unclear how and to what extent the criminals advertised and distributed the malicious trading programs. The experts of the European IT security manufacturer suspect that the copies were offered via social engineering. One indication of this: in March 2020, the official Kattana website published a warning that victims were being approached in order to trick them into downloading a malicious application. The download button on the fake websites links to a ZIP archive that contains the malicious application. None of the copies made it into the Apple Store.

More on this at ESET Welivesecurity.com

 
