Source |
TrendLabs Security |
Identifier |
1349573 |
Publication date |
2019-09-20 11:51:45 (viewed: 2019-09-20 19:00:05) |
Title |
Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website |
Text |
We recently found and analyzed a malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio. We found two variants of the malware family. The first contains a pair of shell scripts and connects to a remote site to decrypt its encrypted code, while the second sample, despite using a simpler routine involving a single shell script, actually incorporates a persistence mechanism.
|
Sent |
Yes |
Tags |
Malware
|