A Mac Trojan focused on stealing users’ information was found masquerading as a legitimate trading application, Trend Micro’s security researchers report.

Detected by Trend Micro products as, the software poses as the Mac-based trading app Stockfolio, but contains shell scripts that allow it to perform malicious activities. Stockfolio is an investment app for macOS that allows users to research and track stocks.

To date, two malware samples were discovered, revealing an evolution of the threat.

The first sample is a ZIP archive file containing an app bundle (Stockfoli.app) and a hidden encrypted file (.app). A copy of the legitimate Stockfolio version 1.4.13 signed with the malware developer’s digital certificate is included in the archive.

When executed, the threat displays a trading app interface on the screen, but it also executes bundled shell scripts from the Resources directory, the researchers discovered.

The first of the scripts is in charge of collecting a broad range of information on the infected system, including username, IP address, apps in /Applications, files in ~/Documents, files in ~/Desktop, OS installation date, file system disk space usage, graphics/display information, wireless network information, and screenshots. The collected data is encoded and saved in a hidden file, then sent to the attackers’ server. If a response is received from the server, it is written to another hidden file.

The second script executed by the malware is in charge of copying additional files, as well as decoding and deleting some others. It also checks for the hidden file containing the server response and uses its content to decrypt a file that Trend Micro suspects contains additional malicious routines.

Also using a copy of Stockfolio version 1.4.13 to hide its malicious intent, the second sample contains a much simpler routine. It executes a single script meant to collect usernames and IP addresses from the infected machine and send the information to the attackers’ server. It also drops several files and creates a simple reverse shell (on ports 25733-25736) to the command and control (C&C) server, allowing hackers to execute shell commands on the infected host. The sample also includes a persistence mechanism, via the creation of a property list (plist) file that launches the reverse shell code every 10,000 seconds.

“Given the changes we’ve seen from the malware variant’s initial iteration to its current one, we notice a trend in which the malware authors have simplified its routine and added further capabilities. It’s possible that the people behind it are looking for ways to make it more efficient – perhaps even adding evasion mechanisms in the future,” Trend Micro concludes.
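The persistence mechanism described above (a plist that re-launches the reverse shell every 10,000 seconds, with the C&C reached on ports 25733-25736) can be hunted for in launchd property lists. The following Python script is an added example, not code from the report or from Trend Micro; it assumes the plist would sit in the standard LaunchAgents directories (the report does not give its path), and the two sample plists it checks are constructed for the demonstration.

```python
import os
import plistlib
import re

# Heuristics taken from the reported behaviour: a StartInterval of 10,000 seconds and a
# command line that references the reported port range 25733-25736. The hidden-path check
# reflects the dropper's use of dot-prefixed files; it is a general heuristic, not a
# detail the report states about the plist itself.
REPORTED_INTERVAL = 10000
PORT_RE = re.compile(r"(?<!\d)2573[3-6](?!\d)")
HIDDEN_RE = re.compile(r"(^|/)\.[^/]+")


def plist_indicators(data: bytes) -> list[str]:
    """Return the reasons a LaunchAgent/LaunchDaemon plist resembles the reported persistence."""
    try:
        plist = plistlib.loads(data)  # handles both XML and binary plists
    except Exception as exc:  # an unparsable plist in a launch directory deserves a look too
        return [f"unparsable plist: {exc}"]
    reasons = []
    if plist.get("StartInterval") == REPORTED_INTERVAL:
        reasons.append("StartInterval of 10000 seconds matches the reported persistence")
    args = [str(a) for a in plist.get("ProgramArguments", [])]
    if "Program" in plist:
        args.append(str(plist["Program"]))
    if PORT_RE.search(" ".join(args)):
        reasons.append("command line references a port in the reported C&C range 25733-25736")
    if any(HIDDEN_RE.search(a) for a in args):
        reasons.append("command line runs from a hidden (dot-prefixed) path")
    return reasons


def scan_launch_dirs(dirs) -> dict[str, list[str]]:
    """Scan the plist files under the given directories; returns {path: reasons} for hits."""
    hits = {}
    for d in dirs:
        for name in os.listdir(d) if os.path.isdir(d) else []:
            path = os.path.join(d, name)
            if name.endswith(".plist"):
                with open(path, "rb") as f:
                    reasons = plist_indicators(f.read())
                if reasons:
                    hits[path] = reasons
    return hits


# Constructed samples (not from the report) so the checks can be exercised offline.
BENIGN = plistlib.dumps({"Label": "com.example.updater",
                         "ProgramArguments": ["/usr/local/bin/updater", "--check"],
                         "StartInterval": 3600})
SUSPECT = plistlib.dumps({"Label": "com.constructed.agent",
                          "ProgramArguments": ["/bin/sh", "-c", "/tmp/.cache/agent.sh 25734"],
                          "StartInterval": REPORTED_INTERVAL})

if __name__ == "__main__":
    print("benign:", plist_indicators(BENIGN), "suspect:", plist_indicators(SUSPECT))
    print(scan_launch_dirs([os.path.expanduser("~/Library/LaunchAgents"), "/Library/LaunchAgents"]))
```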