Researchers have discovered ‘GMERA malware’, a trojan that targets crypto traders who use Macs.
The malware reaches its targets through websites that imitate legitimate ones, using a similar domain and user interface to fool unsuspecting users. It was detected by researchers at cybersecurity company ESET, who revealed that the GMERA malware can steal data through “browser cookies, crypto wallets and screen captures.”
GMERA operators duplicate legitimate websites to promote the trojan. These copies are extremely similar to the originals and may look legitimate to an untrained eye. While the researchers did not know where the malware was being promoted, Kattana had warned users of a malicious copycat service luring them into downloading the trojan application.
However, researchers were not able to connect the campaign to GMERA malware.
The researchers also revealed that the malware was being distributed through trojan applications imitating “Cointrazer, Cupatrade, Licatrade, and Trezarus”.
Researchers set up honeypots to lure the trojan's operators and learn more about their activities. A honeypot is a network-attached system that acts as a decoy to lure cybercriminals. It lets defenders detect, deflect, and study the attackers’ hacking attempts.
The honeypots are designed to attract fraudsters; once the criminals have accessed a honeypot, they are tracked and monitored.
ESET researchers revealed that the orchestrators behind the GMERA malware steal data stored in targets’ crypto wallets, browser information such as history and cookie data, and screen captures.
The attackers ‘hunt’ by contacting victims directly and manipulating them into downloading the malicious file.