Legitimate-Looking Malware Targets Mac Crypto Traders

Legitimate-Looking Malware Targets Mac Crypto Traders
ôîòî ïîêàçàíî ñ : beincrypto.com

2020-7-18 16:53

Researchers on Thursday discovered a new trojan targeting crypto traders using Mac’s.

Researchers from internet security firm ESET, found that legitimate-looking websites are distributing malicious cryptocurrency trading applications for Mac users. Dubbed GMERS, the malware could “steal information from browser cookies, crypto wallets and screen captures,” a release said.

According to researchers, the malware authors used the original website of the Kattana crypto trading terminal to re-brand their own spying applications. The researchers also created fake honeypots to reveal the real intentions of the criminals.

“We have seen the following fictitious brandings used in different campaigns: Cointrazer, Cupatrade, Licatrade and Trezarus,”

the analysts said.

Kattana had raised a warning in March, stating that perpetrators had lured traders individually to download the trojan application. The trading platform said users should be “extra mindful” of such fraudsters.

We’ve come to know that some of our users were approached by the malicious copycat service of Kattana, located at: https://t.co/paSARVJPPZ

Please, be extra mindful about anyone who approaches you for any reason related to crypto-trading. They might be frauds.

— Kattana (@kattanatrade) March 12, 2020

Researchers were unable to connect this campaign to the current GMERS malware.

“We have not yet been able to find exactly where these trojanized applications are promoted,”

they added.

Copycat Websites Look Legitimate

The perpetrators are duplicating websites to make the bogus application download look legitimate. Researchers wrote, “for a person who doesn’t know Kattana, the websites do look legitimate.” The download link then takes users to a ZIP archive containing the fake application bundle.

Kattana requires user credentials for trades on its platform. Researchers also examined these to prevent login thefts. They noted:

“We wanted to see if, besides the change in name and icon in the application, some other code was changed.”

The Licatrade application, for example, had a malicious app on its original-looking licatrade.com website. Malware authors used the same email address to register this and several other domains, analysts noted.

Here are a few of the copycat domains registered with same email addresses, revealing previous malicious campaigns:

Source: welivesecurity.com

Another group of analysts from Trend Micro published a report last September, analyzing fake Mac-based cryptocurrency trading apps such as Stockfolio on a case-by-case basis.

Setting up Crypto Honeypots

In order to monitor all interactions between malware operators, researchers set up fake honeypots, a computer security mechanism. These honeypots can detect or deflect unauthorized use of information systems by fooling cybercriminals into thinking they’re legitimate targets.

For example, the honeypots can mimic a company’s customer billing system to attract fraudsters. This looks like a real computer system for hackers. Once criminals ‘access’ the honeypots, they are tracked and assessed.

Analysts said that the perpetrator’s interest lies primarily in cryptocurrency wallets, screen captures, and browser information containing user history and cookies.

They said, that the attackers were directly contacting victims and “socially engineering them” to download the malicious application.

The post Legitimate-Looking Malware Targets Mac Crypto Traders appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Machinecoin (MAC) íà Currencies.ru

$ 0.0004553 (+0.00%)
Îáúåì 24H $0
Èçìåíåèÿ 24h: 0.00 %, 7d: -92.80 %
Cåãîäíÿ L: $0.0004553 - H: $0.0004553
Êàïèòàëèçàöèÿ $9.759k Rank 999999
Äîñòóïíî / Âñåãî 21.435m MAC

mac researchers legitimate-looking crypto traders websites eset

mac researchers → Ðåçóëüòàòîâ: 6


Vulnerabilities Shake Trust In Blockchain Voting App; West Virginia Turns Back to Paper

The blockchain-based voting app, Voatz, will no longer be used by West Virginia. The news comes after researchers discovered vulnerabilities within the app. On February 29, it was reported by NBC News that West Virginia's secretary of state, Mac Warner, announced that disabled and overseas voter will not be able to use mobile apps in […]

2020-3-3 22:56


New Mac Malware Can Steal Crypto from Exchanges, Can it be Prevented?

Unit 42, the global threat intelligence team at Palo Alto Network, discovered Mac malware that can steal cookies linked to crypto exchanges and wallets. Although usernames and passwords may not be sufficient to initiate withdrawals at crypto exchanges, if hackers manage to steal a combination of login credentials, web cookies, authentication cookies, and SMS data, it could steal user funds.

2019-2-2 21:32


Ôîòî:

BBC News website spoofed by Bitcoin scammers

Scammers have found a new way to use seemingly legitimate BBC News websites to mine Bitcoin. The scam, identified by researchers, was first discovered in the first week of January. Scammers created what appeared to be a legitimate email containing a “Display Message” button, which rerouted users to an affiliate website tasked with generating Bitcoin based on page views.

2019-1-16 13:15