Mac users targeted by cryptocurrency scam – what to do now

Hackers are targeting Mac users with fake cryptocurrency trading applications in order to harvest cryptocurrency from their wallets, according to one of the world's biggest antivirus companies.

Security researchers at ESET have warned of “recently discovered websites distributing malicious cryptocurrency trading applications for Mac.”

ESET claims that cybercriminals are using the compromised cryptocurrency applications to “steal information such as browser cookies, cryptocurrency wallets and screen captures.”

To trick users into downloading the malware, hackers are offering rebranded versions of the legitimate cryptocurrency trading terminal Kattana. 

In total, ESET has discovered four rebranded apps that used the following names: Cointrazer, Cupatrade, Licatrade and Trezarus.

“Copycat websites are set up to make the bogus application download look legitimate. For a person who doesn’t know Kattana, the websites do look legitimate,” wrote ESET's Marc-Etienne M.Léveillé in a blog post. “The download button on the bogus sites is a link to a ZIP archive containing the Trojanized application bundle.”

Bundled Trojan 

Although these fake apps do allow users to trade cryptocurrency, users won’t realise that the software also comes with an installer for the GMERA malware.

“Analyzing the malware samples, we quickly found that this was a new campaign of what Trend Micro researchers called GMERA, in an analysis they published in September 2019,” wrote ESET.

“As in the previous campaigns, the malware reports to a C&C [command-and-control] server over HTTP and connects remote terminal sessions to another C&C server using a hardcoded IP address.”

However, the researchers noted that “not only did the malware authors wrap the original, legitimate application to include malware”, but they “rebranded the Kattana trading application with new names and copied its original website.”

Social engineering

ESET doesn’t know exactly how the perpetrators have been distributing this malware, but suggested that social engineering is a possibility. 

It said: “We have not yet been able to find exactly where these trojanized applications are promoted. However, in March 2020, Kattana posted a warning suggesting that victims were approached individually to lure them into downloading a Trojanized app. We couldn’t confirm that it was linked to this particular campaign, but it could very well be the case.”

Jake Moore, a security specialist at ESET, told Tom's Guide: "Regardless of what device or OS you use, we are seeing social engineering increase and with great force. After recent events, this is proving to be extremely damaging too.

"Furthermore, many people still wrongly assume macOS are somewhat immune to malware on their Apple devices and even smugly do not use any antivirus protection. 

"Users must never become complacent to any sort of attack and remember to always put their IT security first. Software based protection is vital but user awareness is equally important and everyone is reminded to urge caution with any unsolicited emails."

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
