New malware attacks digital currency trading apps on MacOS

Getting your Trinity Audio player ready...

A new type of malware that steals digital currency from Mac users has been discovered by researchers, prompting fears over security for Mac OS users.

Known as GMERA, the malware attacks Mac users through trading applications, which open users to vulnerabilities that allow for any digital currency stored on the device to be stolen.

Researchers at ESET found that hackers had integrated the malware into digital currency trading app Kattana, as well as four duplicate apps, Cointrazer, Cupatrade, Licatrade and Trezaru, which each contain the malware.

Running across several campaigns, the researchers said the attacks have the hallmarks of an organized cybercrime.

“The numerous campaigns run by this group show how much effort they’ve expended over the last year to compromise Mac users doing online trading. We still aren’t sure how someone becomes a victim, downloading one of the trojanized applications, but the hypothesis of the operators directly contacting their targets and socially engineering them into installing the malicious application seems the most plausible.”

The researchers noted that the malware is less effective on the most recent macOS.

“It is interesting to note how the malware operation is more limited on the most recent version macOS. We did not see the operators try to circumvent the limitation surrounding screen captures. Further, we believe that the only way that they could see the computer screen on victim machines running Catalina would be to exfiltrate existing screenshots taken by the victim. This is a good, real-world example of a mitigation implementation in the operating system that has worked to limit the activities of malefactors.”

The advice for those that might be vulnerable to attack is to upgrade to the most recent version of macOS as soon as possible, as well as storing digital currency in cold wallets to prevent theft.