Security News > 2024 > June > Clever macOS malware delivery campaign targets cryptocurrency users

Cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware instead, Recorded Future's researchers are warning.

How cryptocurrency users get tricked into downloading the malware.

After asking a direct question or while engaging in discussions on cryptocurrency-themed channels, potential targets are instructed by Vortax accounts to visit the site, click on the "Try Vortax for free" button, and enter the provided Room ID to be able to download the application.

"All of the Room IDs, when entered into the Vortax website, redirect the user to a Dropbox link or external website that downloads the Vortax installer," the researchers explained.

"Behavioral analysis of the Vortax installers on Windows and macOS indicates that Vortax App Setup.exe and VortaxSetup.dmg deliver Rhadamanthys and Stealc, or , respectively."

"Further investigation of the Vortax staging domain plumbonwater[.]com revealed 23 additional domains hosted on the same IP address," the analysts noted, and said that each of these domains hosts a malicious application that delivers AMOS. "Investigation into these malicious applications unearthed additional scams - similar to Vortax - that masquerade as legitimate companies and leverage social media and messaging platforms to target cryptocurrency users. These scams, such as VDeck and Mindspeak, share crossover with the Vortax brand and are likely operated by the same threat actor - markopolo."

News URL

https://www.helpnetsecurity.com/2024/06/19/cryptocurrency-malware/