Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website
Malware
Mac Malware, Spoofs App, Steals User Information
We recently found and analyzed a malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio. We found two variants of the malware family.
Unlike in the pre-internet era, when trading in the stock or commodities market involved a phone call to a broker (a move which often meant additional fees for would-be traders), the rise of trading apps has placed the ability to trade in the hands of ordinary users. However, their popularity has led to abuse by cybercriminals, who create fake trading apps as lures to steal personal data from unsuspecting victims. We recently found and analyzed an example of such an app: a malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio.
We found two variants of the malware family. The first one contains a pair of …
IoC