Malwarebytes, a company whose software protects users against malware, malicious websites and other online threats, reported that 1vladimir, a contributor to the Malwarebytes forum, noticed that CoinTicker, a macOS app used to monitor cryptocurrency prices, was covertly installing two different backdoors on users' computers.
The report further stated that the app did not display any visibly harmful behaviour, so a user would go on using it without realising the machine had been compromised. After installation, CoinTicker lets its users select the cryptocurrencies whose prices are to be monitored, including major coins such as Bitcoin [BTC], Ethereum [ETH] and Monero [XMR].
A small widget is added to the macOS menu bar that updates the prices as they fluctuate. Behind that front, once the application is launched, CoinTicker downloads EvilOSX and EggShell, two open-source backdoors.
A custom-compiled version of the EggShell server is downloaded onto the Mac by means of shell commands executed by the app. Although the goal of the attacker behind this malware is still unclear, both EggShell and EvilOSX give a remote operator control of the infected machine, which could be used to gain access to users' cryptocurrency wallets and steal funds.
The report stated that this could have been a supply chain attack, in which the developer and the application itself are legitimate but the distribution website is compromised by a third party to spread a malicious version of the app.
Further investigation, however, suggested that the app was never legitimate in the first place: the application was distributed from the domain “coin-sticker.com”, which does not match the name of the application. According to the report, a mismatched domain name would have been “awfully sloppy” for a legitimate app.
In addition, the domain had only been registered a couple of months earlier, which added to the suspicion. The report also pointed out that the malware did not require root permissions, whereas discussions of malware often place an inaccurate emphasis on its need for root privileges. This malware is an example that code running with ordinary user privileges can still be highly dangerous.