The appeal of cryptocurrency trading should never be underestimated. A lot of people are looking for ways to make money, so overall interest in trading applications continues to rise. One particular application developed for Macintosh users may not be what it seems. This application is primarily designed to steal user information, rather than letting people trade cryptocurrencies.

The Fake Stockfolio Apps

Most Macintosh users will be all too aware of the Stockfolio application. It is a powerful tool that allows users to dabble in the trading of cryptocurrencies and traditional stocks, among other things. It is sometimes referred to as the “best investment app for Macintosh users”, which only adds to its popularity and credibility. Unfortunately, it now seems there are multiple versions of Stockfolio in the Apple Store, and it may prove rather difficult to separate the real one from its fake counterpart.

The fake version has proven to be malicious in different ways. On the surface, it may look perfectly legitimate, but that is only a ruse. Instead, the developers aim to steal users’ login credentials and empty their genuine Stockfolio accounts in the process. It also seems this application packs a Trojan, which has been identified as “Trojan.MacOS.GMERA”. To make matters worse, two different iterations of this malicious app exist, with one of them being incredibly difficult to get rid of.

Apple is Aware of the Problem

Thankfully, it appears Apple knows the situation needs to be monitored in the weeks and months to come. The fake application is already unable to operate because its code signature has been revoked. That means that anyone who accidentally downloaded the fake version will be safe from harm, at least for the time being. However, it has proven relatively easy for criminals to obtain new credentials and sign their software packages before submitting them for approval.

That raises a very interesting question which may not be all that easy to answer. In recent months, it has become apparent that criminals will target Apple users – either on desktop or mobile – to obtain their financial information. In quite a few cases, the criminals’ objective is to steal cryptocurrency balances or the associated information. Technology giants such as Apple and Google have to be far more proactive in this regard to ensure such attacks cannot take place in the future.

No Funds Stolen so far

The only silver lining in all of this is that no one has reported any loss of funds just yet. That in itself is a small miracle, primarily because two different fake Stockfolio apps are making the rounds at the same time. Even so, there is always a chance the victims are not reporting their losses to the proper authorities just yet. Most people who fall victim to fake applications feel too embarrassed to do anything about it.

Security researchers also remain worried that this may only be the beginning, with more malicious apps being released in the coming months and years. It seems the culprits are always capable of remaining several steps ahead of the technology giants in question. That creates a very worrisome scenario, albeit one that cannot be refuted either. Considering that an Apple app developer license costs $99, criminals consider it worth burning a few accounts in search of financial riches. It only takes one or two users to give up their account details and criminals will be making a profit already.
