Malwarebytes Forum User Discovers a Crypto Tracker App That Secretly Installed Backdoors in Macs

An astute Malwarebytes forums user recently noticed that a crypto price tracker application, called CoinTicker, covertly installed backdoors in Mac computers.


A recent blog post from Malwarebytes’ Thomas Reed, Director of Mac & Mobile, explains how a contributor on the Malwarebytes forum going by the name 1vladimir noticed that an app called CoinTicker was secretly installing two different backdoors onto computers after download.

According to Reed, the application’s webpage heralds it as “the best crypto-currency ticket for Mac,” since it lets users check the prices of selected virtual currencies from the Mac menu bar.

The website displays information about prices for a number of supported cryptocurrencies, including Bitcoin (BTC), Ethereum, and Monero.

Despite its seemingly innocent appearance, Reed explains that the application is “actually no good in the background,” since it “downloads and installs components of two different open-source backdoors” upon launch.

Mac users are certainly no strangers to crypto-related malware. In early July, Bitcoinist reported on a situation in which macOS users who were chatting about cryptocurrencies on Slack and Discord were being targeted by attacks in an effort to get them to share malicious scripts.

Utilized to Gain Access to Cryptocurrency Wallets?

Reed explains that the backdoor components are called EggShell and EvilOSX. He posts several screenshots in the blog post to show how the malicious programs embed themselves into a computer.

Lawrence Abrams of Bleeping Computer says the downloaded backdoors are customized versions of EggShell and EvilOSX that were taken from a now-offline GitHub repository.

Going further, Abrams writes how the EggShell and EvilOSX backdoors automatically start once a user logs into the Mac computer.

Reed notes that EggShell and EvilOSX are known as “broad-spectrum” backdoors that can be used for a number of different purposes.

He admits to not knowing for certain what the malware’s creator had in mind, but writes “it seems likely” it was being used to try and get access to a person’s digital currency wallet to steal funds.

Was the Application Even Remotely Legitimate?

According to the blog post, Reed first thought the scenario with CoinTicker was an example of a supply chain attack. This is where a “legitimate app’s website is hacked to distribute a malicious version.”

A Malwarebytes blog post from May 2017 details the story behind a supply chain attack on the Transmission torrent app, where it was hacked first to install the KeRanger ransomware, and then again to install the Keydnap backdoor.

However, Reed also muses the CoinTicker application might never have been legitimate from the start.

He points out how the website’s domain for the app (coin-sticker.com) was registered in mid-July and is not even the same name as the actual application.

Overall, Reed made a point about how the malware does not require anything other than “normal user permissions,” citing the scenario as a

“Perfect demonstration that malware does not need such privileges to have high potential for danger.”
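The article does not say which mechanism the backdoors used to start at login. Assuming the per-user LaunchAgents folder, which any account can write to without admin rights, the following added example (not code from Malwarebytes or Bitcoinist) reviews launchd job files for signs worth a closer look. The heuristics, labels and sample jobs are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Heuristic assumptions for this example, not rules from the article.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")
SHELLS = {"sh", "bash", "zsh", "python", "python3"}

def review_agent(plist_bytes, filename):
    """Return the reasons a launchd job definition deserves a closer look."""
    try:
        job = plistlib.loads(plist_bytes)
        cmd = ([job["Program"]] if "Program" in job else []) \
            + list(job.get("ProgramArguments", []))
    except Exception:
        return ["unparseable plist"]
    if not (job.get("RunAtLoad") or job.get("KeepAlive")):
        return []  # not started automatically when the user logs in
    reasons = []
    if filename.startswith("."):
        reasons.append("hidden plist file")
    if any("/." in p for p in cmd):
        reasons.append("runs from a hidden path")
    if any(p.startswith(USER_WRITABLE) for p in cmd):
        reasons.append("target is in a user-writable location")
    if cmd and Path(cmd[0]).name in SHELLS and "-c" in cmd:
        reasons.append("inline interpreter command")
    return reasons

def audit_directory(directory):
    """Map each flagged plist in a LaunchAgents folder to its reasons."""
    d = Path(directory).expanduser()
    if not d.is_dir():
        return {}
    found = {}
    for f in sorted(d.iterdir()):
        if f.name.endswith(".plist") and f.is_file():
            reasons = review_agent(f.read_bytes(), f.name)
            if reasons:
                found[f.name] = reasons
    return found

# Constructed sample jobs (not taken from the CoinTicker samples).
SAMPLES = {
    "com.example.ticker.plist": plistlib.dumps({
        "Label": "com.example.ticker", "RunAtLoad": True,
        "Program": "/Applications/Example.app/Contents/MacOS/helper"}),
    ".com.example.agent.plist": plistlib.dumps({
        "Label": "com.example.agent", "RunAtLoad": True,
        "ProgramArguments": ["/bin/sh", "-c", "/Users/alice/Library/.cache/run.sh"]}),
}

if __name__ == "__main__":
    print(audit_directory("~/Library/LaunchAgents"))
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software also installs per-user agents that run at load.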

What do you think about the situation with CoinTicker and the backdoor it has installed on Macs? Have you ever used the application? Let us know in the comments!


Images courtesy of CoinTicker, Shutterstock, Twitter (@thomasareed)

The post Malwarebytes Forum User Discovers a Crypto Tracker App That Secretly Installed Backdoors in Macs appeared first on Bitcoinist.com.



from Bitcoinist.com https://ift.tt/2EP5Ule