September 23, 2019 | By David Bisson

A new Mac malware family is masquerading as a legitimate trading app to steal victims’ data and then upload it to a website.

Trend Micro found two samples of the Mac malware family, detected as Trojan.MacOS.GMERA.A, both disguised as the Stockfolio trading app.

The first sample arrived as a .ZIP archive containing a copy of the Stockfolio app modified and re-signed with the attackers’ own digital certificate. When executed, the variant displayed the trading app interface while it performed its malicious functions in the background: it collected the user’s system information, encoded it, saved it in a hidden file and then uploaded it to hxxps://appstockfolio.com/panel/upload[.]php, a domain that was active in January and February.

The researchers used the digital certificate from the first sample to find the second version. That iteration also contained an embedded copy of the Stockfolio app signed with the attackers’ certificate, and launched the app in a similar way to disguise its malicious intent. Even so, the variant came with a simplified routine and established persistence by creating a property list (plist) file.
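The second variant’s persistence via a plist file is the kind of artifact a defender can audit on an endpoint. The following script is an added example, not code from the article or from Trend Micro’s report: it parses launchd-style plists with the standard-library `plistlib` and flags jobs whose program lives in a dot-hidden path (the “hidden file” pattern described above) or outside the usual system and application directories. The trusted-prefix list and the sample plist are constructed assumptions for illustration.

```python
"""Audit macOS launchd property lists for suspicious persistence entries."""
import plistlib
from pathlib import PurePosixPath
from typing import List, Optional

# Locations where legitimate launchd programs normally live (assumption).
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Library/", "/Applications/")


def program_path(plist: dict) -> Optional[str]:
    """Return the binary a launchd job runs, from Program or ProgramArguments."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None


def suspicious_reasons(plist_bytes: bytes) -> List[str]:
    """Return the reasons a launchd plist looks suspicious (empty if none)."""
    plist = plistlib.loads(plist_bytes)
    reasons: List[str] = []
    path = program_path(plist)
    if path is None:
        return ["no Program or ProgramArguments"]
    # A dot-prefixed path component means the job runs from a hidden file/dir.
    if any(p.startswith(".") for p in PurePosixPath(path).parts if p not in (".", "..")):
        reasons.append(f"hidden path component in {path}")
    if not path.startswith(TRUSTED_PREFIXES):
        reasons.append(f"program outside trusted locations: {path}")
    # RunAtLoad plus KeepAlive gives a job that starts at login and is restarted if killed.
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive (persistent, auto-restarting)")
    return reasons


# Constructed sample: a LaunchAgent running a script from a hidden directory.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Users/victim/.hidden/run.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for reason in suspicious_reasons(SAMPLE_PLIST):
        print("FLAG:", reason)
```

On a real host the same function can be applied to each file under `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`.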

A Summer of Mac Malware Campaigns

Trojan.MacOS.GMERA.A isn’t the only Mac malware family that has made headlines in 2019. In June, Malwarebytes detected a threat called Bird Miner that hid within the cracked installer for Ableton Live music production software to infect Mac users with a cryptocurrency miner. Around the same time, Intego spotted malware called CrescentCore posing as Flash Player and using several evasion techniques to avoid detection. Shortly thereafter, Intego observed a threat named NewTab attempting to inject itself into the Safari browser.

How to Defend Against Trojan.MacOS.GMERA.A

Security professionals can help defend against Trojan.MacOS.GMERA.A and similar threats by creating a security awareness training program that educates employees on the tech they’re using and encourages them to download apps only from trusted developers on official app marketplaces. Security leaders should also consider investing in a mobile device management (MDM) solution that applies to internet of things (IoT) products and integrates with existing security tools.
