Malwarebytes, a platform that protects users against malware, malicious websites, and other advanced online threats, reported that 1vladimir, a contributor to the Malwarebytes forum, noticed that the CoinTicker iOS app, which was used to monitor cryptocurrency prices, was secretly installing two different backdoors onto users' computers.
The report further stated that the app did not display any overtly harmful activity, so a user would keep using it without realizing that their machine had been compromised. After installation, the CoinTicker app lets its users select the cryptocurrencies whose prices are to be monitored, including major coins such as Bitcoin [BTC], Ethereum [ETH], and Monero [XMR].
Furthermore, a small widget is added to the macOS menu bar that updates the prices as they fluctuate. Once the application is installed on the computer, CoinTicker downloads EvilOSX and EggShell, two open-source backdoors.
After installation, a custom-compiled version of the EggShell server is downloaded onto the macOS system with the help of shell commands. Although the goal of the attacker behind this malware is still unclear, both EggShell and EvilOSX are backdoors that could be used to gain access to users' cryptocurrency wallets in order to steal cryptocurrency.
The report stated that this could have been a supply chain attack, in which the creator and the application itself are legitimate but the website is hacked by a third party to spread a malicious version of the app.
Further investigation revealed that the app was never legitimate in the first place. The application's domain name is “coin-sticker.com”, which does not match the name of the application; according to the report, a mismatched domain name would have been “awfully sloppy” for a legitimate app.
In addition, the domain name had only been registered a couple of months earlier, which raised further suspicion. The report also noted that the malware did not require any root permissions, whereas there is usually an inaccurate emphasis on malware needing root privileges. On the contrary, this malware is an example of how malware does not need root privileges to pose a high potential for danger.