Mac Users Targeted by Cryptocurrency Scams — What to Do Now

Hackers are targeting Mac users with fake cryptocurrency trading applications to harvest cryptocurrency from their wallets, according to one of the world's largest anti-virus companies.

Security researchers at ESET warn of "recently discovered websites distributing malicious cryptocurrency trading applications for Mac."

ESET claims that cybercriminals are using compromised cryptocurrency applications to "steal information such as browser cookies, cryptocurrency wallets, and screen captures."

To trick users into downloading malware, the attackers offer rebranded versions of Kattana, a legitimate cryptocurrency trading terminal.

In total, ESET discovered four rebranded apps that used the following names: "Cointrazer," "Cupatrade," "Licatrade," and "Trezarus."

"The counterfeit websites are set up so that downloading fake applications looks legitimate; to someone who has never heard of Kattana, the websites look legitimate," Marc-Etienne M. Léveillé of ESET wrote in a blog post. The download button on the fake site is a link to a ZIP archive containing a Trojanized application bundle.

These fake applications allow users to trade cryptocurrency, but what users don't realize is that the software also comes with an installer for the Gmera malware.

"Analysis of the malware samples quickly revealed that it was a new campaign for what Trend Micro researchers called GMERA in an analysis published in September 2019," ESET wrote.

"Similar to previous campaigns, the malware reports to a C&C [command and control] server via HTTP and uses a hard-coded IP address to connect a remote terminal session to another C&C server."
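The hard-coded C&C addresses described above give defenders a simple heuristic: a trading app that talks to literal IP addresses instead of resolving hostnames deserves a second look. The following is an added example, not code from ESET or Tom's Guide; it assumes a constructed JSON-lines endpoint log with `proc`, `dest` and `port` fields and flags user-installed app bundles that connect directly to IPs.

```python
import ipaddress
import json
from typing import Dict, List

# Constructed sample events in an assumed JSON-lines shape: the process
# path, the destination as the process named it, and the port. Not real
# telemetry; the addresses are from documentation ranges.
SAMPLE_EVENTS = [
    '{"proc": "/Applications/Safari.app/Contents/MacOS/Safari", "dest": "www.apple.com", "port": 443}',
    '{"proc": "/Users/alice/Downloads/Licatrade.app/Contents/MacOS/Licatrade", "dest": "203.0.113.10", "port": 80}',
    '{"proc": "/Users/alice/Downloads/Licatrade.app/Contents/MacOS/Licatrade", "dest": "203.0.113.25", "port": 22}',
    '{"proc": "/usr/bin/curl", "dest": "198.51.100.7", "port": 443}',
    '{"proc": "/Applications/Kattana.app/Contents/MacOS/Kattana", "dest": "api.example.net", "port": 443}',
]

def is_literal_ip(dest: str) -> bool:
    """True when the destination was given as an IP address, not a hostname."""
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False

def bundle_of(proc: str) -> str:
    """Return the enclosing .app bundle path, or "" for non-bundle binaries."""
    marker = ".app/Contents/MacOS/"
    idx = proc.find(marker)
    return proc[: idx + len(".app")] if idx >= 0 else ""

def find_direct_ip_bundles(lines: List[str]) -> Dict[str, List[str]]:
    """Map each user-installed app bundle to the literal-IP destinations it contacted.

    Legitimate trading apps resolve their API hostnames; the campaign described
    above reaches its C&C servers by hard-coded IP addresses instead."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        ev = json.loads(line)
        bundle = bundle_of(ev["proc"])
        if not bundle or bundle.startswith("/System/"):
            continue  # skip non-bundle binaries and Apple's own system apps
        if is_literal_ip(ev["dest"]):
            hits.setdefault(bundle, []).append(f'{ev["dest"]}:{ev["port"]}')
    return hits

if __name__ == "__main__":
    for bundle, dests in find_direct_ip_bundles(SAMPLE_EVENTS).items():
        print(f"REVIEW {bundle}: direct-IP connections to {', '.join(dests)}")
```

A hit is a triage lead, not proof of compromise; confirm by checking the bundle's code signature and where it was downloaded from.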

However, the researchers note that "the malware authors not only wrapped the original legitimate application to include the malware," but also "rebranded the Kattana trading application with a new name and copied the original website."

ESET does not know exactly how the perpetrators distributed this malware, but suggests the possibility of social engineering.

ESET states: "We have not yet been able to pinpoint exactly where these Trojanized applications are being promoted. However, in March 2020, Kattana posted an alert suggesting that victims were approached individually to lure them into downloading the Trojanized applications. We could not confirm a link to this particular campaign, but it is very possible."

Jake Moore, a security specialist at ESET, told Tom's Guide: "Social engineering is on the rise and gaining momentum regardless of what device or operating system you are using. Recent events have shown that social engineering can be very harmful. Furthermore, many people mistakenly believe that macOS on Apple devices is immune to malware, or they are not using antivirus software.

"Users should never become complacent about any attacks and always remember that IT security is their top priority. Software-based protection is essential, but user awareness is equally important, and we urge everyone to be very careful with unsolicited email."