Researchers at cybersecurity company ESET have identified malware masquerading as cryptocurrency trading applications spreading to macOS users.
#ESETResearch found Mac malware, known as GMERA, in rebranded copies of the legitimate Kattana cryptocurrency trading application. https://t.co/CZOywgolTw @marc_etienne_ 1/4
— ESET research (@ESETresearch) July 16, 2020
The attackers copied the interface of the Kattana trading platform. On fake pages, they offered downloads of cryptocurrency trading apps that actually contained malware.
“It has not yet been possible to determine exactly how these Trojanized applications are distributed. It is likely that social engineering methods are being used against the victims: a download button is placed on fake websites with a link to a ZIP archive containing a trojanized application,” ESET’s representatives said.
The platform's representatives warned about services imitating Kattana back in the spring.
We’ve come to know that some of our users were approached by the malicious copycat service of Kattana, located at: https://t.co/paSARVJPPZ
Please, be extra mindful about anyone who approaches you for any reason related to crypto-trading. They might be frauds.
— Kattana (@kattanatrade) March 12, 2020
The fraudulent applications ran under the brands Cointrazer, Cupatrade, Licatrade and Trezarus, and contained the GMERA Trojan. At the same time, the applications support all trading functions, so the deception is difficult to identify.
Once the applications are installed, the attackers gain access to user systems, personal data, location information and cryptocurrency wallets, and are able to take screenshots.
Trend Micro researchers wrote about GMERA last year. At that time, the Trojan was distributed under the guise of Stockfolio, an application for investing in the stock market.
ESET analyzed how the fraudulent applications operate, using one of them, Licatrade, as an example. Apple revoked the certificate issued by Licatrade earlier on the same day that experts reported the problem.