Tampered cryptocurrency trading apps are installing malware into devices using macOS

Cybercriminals have created fake cryptocurrency trading apps that are bundled with malware.

Image by: Tatsuo Yamashita / Flickr

Wed, 22 Jul 2020, 03:12 am UTC

Cybersecurity experts reveal that some cryptocurrency trading apps have been Trojanized to install malware on their users’ devices. The compromised apps have been specially tweaked to install malware on devices running Apple’s macOS.

The scheme was revealed in a recently released report by researchers from the Slovakia-based cybersecurity firm ESET, who discovered it. “We’ve recently discovered websites distributing malicious cryptocurrency trading applications for Mac,” ESET wrote in the report released on Thursday. “This malware is used to steal information such as browser cookies, cryptocurrency wallets and screen captures.”

According to ZDNet, the Trojanized crypto trading applications were offered online as versions of legitimate trading apps. For example, ESET researchers found a compromised version of the Kattana trading software.

It appears that Kattana might be aware of the issue, which prompted it to issue a warning back in March. “We’ve come to know that some of our users were approached by the malicious copycat service of Kattana, located at: http://kattanatrade.online,” Kattana wrote on Twitter on March 12, 2020. “Please, be extra mindful about anyone who approaches you for any reason related to crypto-trading. They might be frauds.”

Aside from the tweaked version of the legitimate Kattana crypto app, ESET researchers also found four other compromised versions of legitimate apps. The report noted that Trojanized versions of the Trezarus, Licatrade, Cupatrade, and Cointrazer apps were also discovered.

The fake cryptocurrency apps can be found on copycat websites that have similar names and are designed to look like the original sites. The downloaded apps include a Gmera installer that is bundled in the software.

Gmera is malware that was first discovered by researchers from Trend Micro in 2019. At that time, the malware was bundled with Stockfolia, a trading app for Mac.

In the Trojanized Kattana app, much of the legitimate Kattana’s functionality was left intact. For instance, the login mechanism is still present, allowing users to access their wallets and even trade. However, this can also be used by cybercriminals to access the crypto wallets of the victims. The report did not include statistics on how many Mac users fell victim to the compromised apps.

TokenPost | [email protected]

<Copyright © TokenPost. All Rights Reserved. >
