Stockfolio mac download
A new trojan attack using malware called GMERA is targeting cryptocurrency traders who use trading applications on Apple’s macOS. The internet security company ESET found that the malware comes integrated into legitimate-looking cryptocurrency trading applications and tries to steal users’ crypto funds from their wallets.

Researchers at another cybersecurity firm, Trend Micro, first discovered the GMERA malware in September 2019, when it was posing as the Mac-specific stock investment application Stockfolio.

Copying the actual applications

ESET found that the malware operators have integrated GMERA into the original macOS cryptocurrency trading application Kattana. They have also copied the company’s website and are promoting four new copycat applications - Cointrazer, Cupatrade, Licatrade and Trezarus - that come packed with the malware. The fake websites have a download button linked to a ZIP archive containing the trojanized version of the app. According to ESET, these applications have full support for trading functionalities.

“For a person who doesn’t know Kattana, the websites do look legitimate,” wrote the researchers. The researchers also said that the perpetrators have been directly contacting their targets and “socially engineering them” to download the infected application.

To analyze the malware, ESET researchers tested samples from Licatrade, which they said has minor differences compared to the malware in the other applications but still functions the same way. The trojan installs a shell script on the victim’s computer that gives the operators access to the user’s system through the application. The shell script then sets up command-and-control (also called C&C or C2) communication over HTTP between the attackers’ server and the victim’s system, which lets the operators communicate consistently with the compromised machine.

According to the findings, the GMERA malware steals information such as user names, cryptocurrency wallets, location and screen captures from the user’s system.

ESET, however, said they had reported the issue to Apple and that the certificate issued by the company to Licatrade was revoked the same day. They further added that the other two certificates used for the different applications were already revoked by the time they initiated their analyses.

Unlike in the pre-internet era, when trading in the stock or commodities market involved a phone call to a broker - a move which often meant additional fees for would-be traders - the rise of trading apps placed the ability to trade in the hands of ordinary users. However, their popularity has led to their abuse by cybercriminals who create fake trading apps as lures for unsuspecting victims in order to steal their personal data. We recently found and analyzed an example of such an app: a malware variant that disguised itself as the legitimate Mac-based trading app Stockfolio.

We found two variants of the malware family. The first contains a pair of shell scripts and connects to a remote site to decrypt its encrypted code, while the second, despite using a simpler routine involving a single shell script, actually incorporates a persistence mechanism.

We found the first sample (detected as ) while checking suspicious shell scripts that were flagged by our machine learning system. At first glance, it was challenging to directly identify its malicious behavior because the shell script references other files, such as AppCode.

Figure 1. The suspicious shell script which was flagged by our system

To verify that the behavior was indeed malicious, we sourced the parent file using both our infrastructure and the aggregate website VirusTotal (which had the sample but lacked detections from other major security vendors at the time of writing). The initial sample we analyzed was a zip archive file (detected as ) that contained an app bundle (Stockfoli.app) and a hidden encrypted file (.app). Note that the app bundle is missing the “o” at the end, whereas the legitimate app is called Stockfolio.

Figure 2.

The fake app presents itself as legitimate to trick users, but we found that it contained several malicious components. The first suspicious component we found was an app bundle under the Resources directory, which seems to be a copy of the legitimate Stockfolio version 1.4.13 but signed with the malware author’s digital certificate. Comparing it to the Resources directory of the current version (1.5) found on the Stockfolio website revealed a number of differences, as shown in the figure below.

Figure 3. Comparison of the app bundle folder structure between the malware variant (top) and the legitimate app (version 1.5, bottom).
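As an added example that is not part of either write-up, the following Python script turns the structural observations above (a hidden .app file shipped next to the bundle, a Stockfoli.app name one letter short of Stockfolio, and a second app bundle sitting under the outer bundle’s Contents/Resources) into a triage check over an extracted archive directory. The sample tree it builds is constructed from this page’s description and contains no real payload; the edit-distance threshold, function names and message wording are my own assumptions.

```python
"""Structural triage of an extracted macOS app archive.

Added example, not tooling from Trend Micro or ESET. It checks an extracted
archive directory for three layout indicators described in the Stockfolio
write-up: a hidden file shipped beside the bundle, a bundle name one typo
away from the genuine app's name, and a second app bundle nested under the
outer bundle's Contents/Resources directory.
"""
import tempfile
from pathlib import Path
from typing import List


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values flag lookalike names (Stockfoli vs Stockfolio)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_archive(root: Path, expected_name: str) -> List[str]:
    """Return human-readable findings for the extracted archive at `root`.

    `expected_name` is the bundle name of the genuine app (e.g. "Stockfolio").
    """
    findings: List[str] = []

    # Indicator 1: hidden entries next to the bundle (the sample shipped a ".app" file).
    for entry in sorted(root.iterdir()):
        if entry.name.startswith("."):
            findings.append(f"hidden top-level entry: {entry.name}")

    bundles = sorted(p for p in root.iterdir() if p.is_dir() and p.suffix == ".app")
    for bundle in bundles:
        # Indicator 2: a bundle name that is almost, but not exactly, the genuine name.
        stem = bundle.stem
        if stem != expected_name and edit_distance(stem.lower(), expected_name.lower()) <= 2:
            findings.append(f"lookalike bundle name: {bundle.name} (expected {expected_name}.app)")

        # Indicator 3: another app bundle tucked inside Contents/Resources.
        resources = bundle / "Contents" / "Resources"
        if resources.is_dir():
            for nested in sorted(resources.rglob("*.app")):
                if nested.is_dir():
                    rel = nested.relative_to(bundle).as_posix()
                    findings.append(f"nested app bundle: {bundle.name}/{rel}")
    return findings


def build_sample_tree(base: Path, benign: bool = False) -> Path:
    """Create a constructed directory layout for the demo (not the real sample's contents).

    benign=False mimics the layout described in the write-up: Stockfoli.app with a
    Stockfolio.app copy under Contents/Resources, plus a hidden ".app" file beside it.
    benign=True builds a plain Stockfolio.app with nothing unusual.
    """
    root = base / "extracted"
    name = "Stockfolio.app" if benign else "Stockfoli.app"
    (root / name / "Contents" / "MacOS").mkdir(parents=True)
    resources = root / name / "Contents" / "Resources"
    resources.mkdir()
    if not benign:
        (resources / "Stockfolio.app" / "Contents" / "MacOS").mkdir(parents=True)
        # Opaque placeholder bytes standing in for the hidden encrypted payload.
        (root / ".app").write_bytes(b"\x00constructed placeholder, not a real payload")
    return root


def demo(benign: bool = False) -> List[str]:
    """Build the constructed tree in a temp dir and run the triage over it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_archive(build_sample_tree(Path(tmp), benign), "Stockfolio")


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Layout findings are a prompt for closer inspection, not a verdict. On a Mac, follow up by comparing the signing identities of the outer and nested bundles with `codesign -dvv <bundle>` and by asking Gatekeeper whether it would still accept the bundle with `spctl --assess --type execute <bundle>`, which is where a revoked Developer ID certificate, such as the ones ESET reported, gets refused.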