A crypto ticker application referred to as CoinTicker seems to be installing in 2 backdoors on Apple Macs, cybersecurity firm Malwarebytes warned recently.
The app downloads and installs sections of 2 totally alternative parts of malware – EvilOSX and EggShell – each of that are backdoor applications that may be employed to log keystrokes, steal information or execute specific commands. Malwarebytes director of Macbook and Mobile Thomas Reed wrote that it’s possible the malware was designed to steal cryptocurrency keys.
CoinTicker acts as a legitimate application designed to represent the value of a specific cryptocurrency on request. The user installing in the application could make a choice from ranging from Bitcoin [BTC], Ethereum [ETH], Monero [XMR], ZCash [ZCH] along with others, as per the screenshots. However, the app conjointly installs EvilOSX and EggShell within the background.
The app doesn’t need root or different elevated permissions, that means the user doubtless won’t see any sign of infection.
It’s unclear what specifically the app’s creators desire, however Reed noted that “it looks doubtless that the malware is supposed to gain access to users’ cryptocurrency wallets for the aim of stealing coins.”
The fact that the malware is distributed through a crypto app supports this theory.
Adding further, he wrote:
“Malwarebytes for Macbook currently appears for the CoinTicker app, along with its malware components, he added.”