Fake Stockfolio App Targets Mac Users


A fake trading app has been detected that masquerades as the popular crypto and stock trading software Stockfolio but instead steals and uploads the system information of Mac users. The fraudulent app, which was discovered by Trend Micro, sought to steal system information from users and upload it to a website, where it would presumably then be used to remotely attack the machine.

Stick to Your App Store

The malware family, Trojan.MacOS.GMERA.A, was discovered inside two non-App Store versions of the Stockfolio app. Trend Micro found that one version, downloaded as a .ZIP file, contained a copy of the genuine Stockfolio app but modified with the attackers’ digital certificate. When executed, it showed the Stockfolio interface in the foreground while performing its malicious functions in the background: collecting users’ system information, encoding it, saving it in a hidden file, and uploading it to a .PHP site that was active in January and February this year. The second version was similar in method and appearance to the first but appeared to be simpler and therefore faster-acting. The number of victims of the two variants is not known, and the official advice is, once again, to download apps only from your device’s app store and not from third parties.

Mac Viruses on the Increase

This virus is not the first crypto-related effort to hit Mac users in recent months. In June, Malwarebytes detected ‘Bird Miner’, a crypto miner embedded within a cracked version of a music production suite for Mac machines. February saw Mac users hit with a virus hidden within Cointicker, a menu bar displaying crypto prices; that infection was so severe that those infected were advised to take their machines to specialists. Kaspersky has previously warned that hacking groups like North Korea’s Lazarus have purposefully begun targeting Mac devices due to their popularity with crypto exchange operators and startups, who are seen as easy targets.
