Mac users have always touted their computers as better than Windows-based machines because of the greater degree of security they provide. However, a number of recently recorded incidents are beginning to show the cracks in that theory. There have been several cases of high-profile malware being discovered on macOS computers, and another has just been found.
Thomas Reed, Malwarebytes Director of Mac & Mobile, recently published a blog post about the discovery of an issue with the cryptocurrency tracking application CoinTicker. His investigation began after he was tipped off by a Mac user, leading Reed to write the blog post and discuss the issue on Twitter. He said, “An astute contributor to our forums going by the handle 1vladimir noticed that an app named CoinTicker was exhibiting some fishy behavior over the weekend. It seems that the app is covertly installing not just one but two different backdoors.”
CoinTicker provides an app that allows users to track a number of cryptocurrencies, including Bitcoin BCH, as well as BTC, ETH and many others. It pools data from a number of exchanges and then displays it in a user-friendly format so users can watch how the markets are moving.
What the users didn’t know, however, is that the app also included malware, which was more than likely added to the application in order to gain access to cryptocurrency wallets. CoinTicker contains Eggshell and EvilOSX, two forms of malware that give remote access to computers to perform any number of functions, depending on how they’re configured.
When he first started looking into the issue, Reed believed that CoinTicker could have had its website hacked and the legitimate app replaced with the infected version. However, as he dug deeper, he began to discover clues that led him to believe that the app might not have been legitimate from the start.
Reed explained, “First, the app is distributed via a domain named coin-sticker.com. This is close to, but not quite the same, as the name of the app. Getting the domain name wrong seems awfully sloppy if this were a legitimate app. Adding further suspicion, it seems that this domain was just registered a few months ago on July 13.”
The malware goes to work as soon as a user logs onto the computer. It runs hidden in the background and doesn’t require any special permissions, not even root.
Malwarebytes offers a tool that identifies CoinTicker as the OSX.EvilEgg malware. Anyone who has installed the app should scan their computer and remove any instances of CoinTicker. Most importantly, don’t install anything that isn’t from a reliable source.