Fake cryptocurrency trading app hits Mac users with malware

ESET researchers believe that the attack is part of, or a renewal of, a malicious campaign that was identified by Trend Micro back in September 2019.


Today, one of the biggest reasons cryptocurrencies are met with mixed feelings is that threat actors have been trying to use the technology to scam innocent users from the very start.


A recent report by ESET has identified yet another such case, in which malware in the form of malicious cryptocurrency trading applications was found being distributed for Mac devices. The malware is designed to steal the following:


Browser history & cookies
Cryptocurrency wallets
Images captured from the user’s screen, so the malware serves as spyware as well

The collected data is then transmitted over HTTP to a C2 server. The malware also connects “remote terminal sessions to another C&C server using a hardcoded IP address”.



As for the origins and details of the samples obtained, the researchers point out that they are part of, or a renewal of, a malicious campaign named GMERA that was identified by Trend Micro back in September 2019. The differences include new websites and a rebranding of the malicious trading application, which is a copy of the authentic platform named “Kattana”.

As of now, according to ESET’s researchers, there is no clear indication as to how the attackers are targeting users but the real Kattana ..
