Thursday, April 9, 12:52
Home security New malware appears as a trading application and deceives users

New malware appears as a trading application and deceives users

applicationHer researchers Trend Micro they found out that one was circulating new Mac Trojan, which aims to theft user information. The Trojan cheats on them users as appears as a legitimate trading application.

Trojan.MacOS.GMERA software is presented as Mac-based Stockfolio application. In fact, it contains scripts, which allow malicious activity. So far, two versions of malware have been detected.

The first version it is one ZIP file, which contains an app bundle ( and a hidden encrypted file (.app).

When executing the file, at screen the transaction application is displayed. At the same time, however, the application runs shell scripts in the Resources directory.

The first script steals various information, such as IP addresses, applications, operating system installation date, disk information, graphic / display information, wireless information network and screenshots.

- Advertisement -

Once the data is collected, it is encoded and stored in a hidden file. Then they are sent to server of hackers.

The second script copies other files while some decodes or even delete. In addition, it performs other malicious activities.

The second version of malware is much simpler. It uses a copy of the Stockfolio 1.4.13 version to hide its malicious activity. It does just a script that steals usernames and IP addresses and sends them to hackers.

In addition, it allows hackers to execute commands on the infected computer, by installing various files and creating a reverse shell (on ports 25733-25736) on the command and control server.

Trend Micro researchers noticed that malicious software has changed a lot lately. The original version differs greatly from the current one. The malware managers have simplified the process while adding more capabilities. Hackers can do much more damage to victim's computers and more easily than before. Researchers believe that the hackers behind it Trojan trying to make malware even more effective and dangerous.

Absent Mia
Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement


Please enter your comment!
Please enter your name here


COVID-19: Can it be "reactivated" in treated patients?

According to the Korean Centers for Disease Control and Prevention (KCDC), Coronavirus COVID-19 can be "reactivated" in treated patients. Indicatively, approximately ...

Instructions for the face shields created by Apple

The pandemic of coronavirus has affected all areas of our daily lives and especially our work ....

Windows 10: WSL Linux integration test in File Explorer

Windows 10 improves integration between Windows Subsystem for Linux (WSL) and File Explorer, ...

XHelper malware: reinstalled after resetting to factory settings

The malware XHelper, which affects devices running the Android operating system, was first discovered ...

The Fall of the Zoom: Google forbids its employees to use it

A few weeks ago, Zoom was one of the top teleconferencing solutions. Many people working ...

OTEAcademy: Telecommunication Program for Scientists & Freelancers, affected by COVID-19

OTEAcademy participates in the special telecommunication program - certification for scientists and freelancers affected by COVID-19.

Facebook wanted to buy Pegasus Spyware to track Apple users

According to NSO CEO Shalev Hulio, Facebook tried to buy ...

7 apps to watch movies online at the same time as your friends

According to the recommendations made by governments and health organizations around the world, ...

Tesla's model uses solar energy to move

The designs for a Tesla Roadster, with an engine that uses solar energy, were recently released on the internet and ...

George Soros is pushing for a postal vote due to COVID-19

George Soros pushes for postal voting due to COVID-19: For the purposes of the vote, George Soros-funded Brennan Center ...