A crypto ticker application called CoinTicker appears to be installing two backdoors on Apple Macs, cybersecurity firm Malwarebytes warned recently.
The app downloads and installs components of two different pieces of malware – EvilOSX and EggShell – each of which is a backdoor application that may be used to log keystrokes, steal information or execute specific commands. Malwarebytes director of Macbook and Mobile Thomas Reed wrote that it's possible the malware was designed to steal cryptocurrency keys.
CoinTicker presents itself as a legitimate application designed to display the value of a specific cryptocurrency on request. The user installing the application can choose from a range including Bitcoin [BTC], Ethereum [ETH], Monero [XMR], ZCash [ZCH] and others, as per the screenshots. However, the app also installs EvilOSX and EggShell in the background.
The app doesn't need root or other elevated permissions, which means the user will doubtless not see any sign of infection.
It's unclear what specifically the app's creators want; however, Reed noted that “it looks doubtless that the malware is supposed to gain access to users' cryptocurrency wallets for the aim of stealing coins.”
The fact that the malware is distributed through a crypto app supports this theory.
Adding further, he wrote:
“Malwarebytes for Macbook currently appears for the CoinTicker app, along with its malware components,” he added.