Malwarebytes, a platform that protects users against malware, malicious websites, and other advanced online threats, reported that 1vladimir, a contributor to the Malwarebytes forum, noticed that the CoinTicker iOS app, which was used to monitor cryptocurrency prices, was secretly installing two different backdoors on users' computers.
The report further stated that the app did not display any visibly harmful activity, so a user would keep using it without realizing that their machine had been compromised. After installation, the CoinTicker app lets its users select the cryptocurrencies whose prices are to be monitored, including major ones such as Bitcoin [BTC], Ethereum [ETH], and Monero [XMR].
Furthermore, a small widget is added to the macOS menu bar that updates the prices as they fluctuate. Once the application is installed on the computer, CoinTicker downloads EvilOSX and EggShell, both of which are open-source backdoors.
After installation, a custom-compiled version of the EggShell server is downloaded onto the macOS system with the help of shell commands. Although the goal of the attacker behind this malware is still unclear, both EggShell and EvilOSX are backdoors that could be used to gain access to users' cryptocurrency wallets in order to steal cryptocurrency.
The report stated that this could have been a supply chain attack, in which the creator and the application itself are legitimate but the website is compromised by a third party to distribute a malicious version of the app.
Further investigation revealed that the app was never legitimate in the first place. The application's domain name is “coin-sticker.com”, which does not match the name of the application. According to the report, a mismatched domain name would have been “awfully sloppy” for a legitimate app.
In addition, the domain name was registered only a couple of months ago, which raised further suspicion. The report also noted that the malware did not require any root permissions; there is usually an inaccurate emphasis on malware needing root privileges, and this malware is an example of how a threat can be highly dangerous without them.