entfernen Trojan.MacOS.GMERA - New macOS Malware

entfernen Trojan.MacOS.GMERA – New macOS Malware

1 Star2 Stars3 Stars4 Stars5 Stars (Noch keine Bewertungen)
Loading ...

Trend Micro researchers recently came across a malware instance that disguised itself as a legitimate Mac-based trading app known as Stockfolio. Mit anderen Worten, ein neuer Mac Malware wurde nur entdeckt, or more precisely – researchers came across two variants of the same malware family.

The first variant contains a pair of shell scripts and connects to a remote site to decrypt the encrypted codes. The other instance appears to be simpler in its routine but is in fact persistent in nature. The first sample Trend Micro detects as Trojan.MacOS.GMERA.A, and the second oneTrojan.MacOS.GMERA.B.

The purpose of the malware is to steal the user’s data and to upload it to a website controlled by the hackers.

Threat Zusammenfassung

ArtmacOS Trojan
kurze BeschreibungThe malware is masquerading itself as the legitimate Stockfolio app.
Symptome The presence of a malicious zip file.
VerteilungsmethodeThrough a website
Detection Tool See If Your System Has Been Affected by Trojan.MacOS.GMERA



BenutzererfahrungAbonnieren Sie unseren Forum to Discuss Trojan.MacOS.GMERA.


This variant was discovered during a check of suspicious shell scripts. The first sample that was analyzed was a zip archive file which contained an app bundle and a hidden encrypted file. The tricky part is that the fake app is masqueraded as the legitimate Stockfolio app but the researchers were able to identify its malicious components.

The app bundle turned out to be malicious, even though it tried to look like the legitimate Stockfolio 1.4.13 version signed with the malware author’s digital certificate. A comparison between this app and the legitimate app found on the website of Stockfolio revealed a number of differences.

It should be noted that when the potential victim executes the app, a trading app interface will indeed appear. Jedoch, the malicious process will also be started in the background of the Mac machine.

verbunden: OSX / Linkers Malware Nutzt bekannt Torwächter Vulnerability


Using the digital certificate of the first sample, the researchers successfully discovered a second variant, detected as Trojan.MacOS.GMERA.B. The malicious sample was uploaded to VirusTotal in June 2019. In similarity to the first variant, this one also contains an embedded copy of the Stockfolio app version 1.4.13 signed with the same digital certificate. The app is also launched in an identical way and is disguising its malicious process.

Jedoch, one of the main differences in the second variant, aside from the simplified routine, is the presence of a persistence mechanism possible through the creation of a property list (plist)
Datei: ~/Library/LaunchAgents/.com.apple.upd.plist, die Forscher entdeckt.

Trend Micro reached out to Apple before they published their findings. Apple said that the code signing certificate of this fake app’s developers was revoked in July.

entfernen Trojan.MacOS.GMERA

If you suspect that you have been compromised by this Trojan, you can use the removal insructions below the article. Jedoch, note that the Trojan may be detected under a different name.


Milena Dimitrova

Ein inspirierter Schriftsteller und Content-Manager, der mit SensorsTechForum ist seit 4 Jahre. Genießt ‚Mr. Robot‘und Ängste‚1984‘. Konzentriert sich auf die Privatsphäre der Nutzer und Malware-Entwicklung, sie die feste Überzeugung, in einer Welt, in der Cybersicherheit eine zentrale Rolle spielt. Wenn der gesunde Menschenverstand macht keinen Sinn, sie wird es sich Notizen zu machen. Diese Noten drehen können später in Artikel!

Mehr Beiträge

Schreibe einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

Frist ist erschöpft. Bitte laden CAPTCHA.

Auf Facebook teilen Teilen
Loading ...
Empfehlen über Twitter Tweet
Loading ...
Share on Google Plus Teilen
Loading ...
Share on Linkedin Teilen
Loading ...
Empfehlen über Digg Teilen
Teilen auf Reddit Teilen
Loading ...
Empfehlen über Stumbleupon Teilen
Loading ...