More Fake Cryptocurrency Apps Deliver GMERA Malware to Mac Users
2020-07-20 09:58

Security researchers at ESET have identified a new campaign targeting Mac users with trojanized cryptocurrency trading apps designed to deliver the GMERA malware.

Previous attacks involving this malware family were observed leveraging malicious versions of the trading app Stockfolio, and security researchers also associated the GMERA Trojan with the activities of North Korean hackers.

Recently identified campaigns featuring the malware involved the use of several websites that distributed malicious applications claiming to provide cryptocurrency trading capabilities.

Most likely the hackers are using social engineering to trick users into installing the malware.

Files selected for exfiltration are compressed in a ZIP archive and sent over HTTP to a server controlled by the attackers.

"The numerous campaigns run by this group show how much effort they've expended over the last year to compromise Mac users doing online trading. We still aren't sure how someone becomes a victim, downloading one of the trojanized applications, but the hypothesis of the operators directly contacting their targets and socially engineering them into installing the malicious application seems the most plausible," ESET concludes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/0_u1eac1eAE/more-fake-cryptocurrency-apps-deliver-gmera-malware-mac-users