CoinTicker Cryptocurrency App Caught Installing Backdoors on macOS

  • Security researchers at Malwarebytes have discovered malware that installs backdoors on macOS systems.
  • CoinTicker is a legitimate app that lets users monitor cryptocurrency prices.
  • The developers of the app have not yet responded to the controversy.

Security researchers at Malwarebytes have found CoinTicker installing multiple backdoors on macOS systems. CoinTicker was originally developed to let users monitor the prices of cryptocurrency based on market value. It is currently unknown if the developers of the app created the app for malicious purposes or if it was compromised by external sources.

Once installed, the infected CoinTicker app secretly installs two backdoors on the macOS system, allowing attackers to take control of the computer remotely. The trojan was first spotted by a Malwarebytes forum member named 1vladimir. Further investigation revealed that, upon execution, the malicious app connects to a remote host and downloads a number of Python and shell scripts, which in turn download and install the backdoors when executed.

The trojan downloads custom versions of the EggShell and EvilOSX backdoors from a public GitHub repository that has since been taken down. The scripts install the EggShell backdoor first and create a launch agent, which sets the backdoor to start whenever a user logs in to the Mac. After the first backdoor is in place, the EvilOSX backdoor is installed using an obfuscated script.
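The launch agent persistence described above can be audited on a Mac by parsing each launch agent plist and flagging jobs that start an interpreter with inline code or run from a hidden or temporary path. The following is an added example, not code from Malwarebytes or from the malware; the heuristics, labels and paths are assumptions made for illustration.

```python
import plistlib
from pathlib import Path

# Heuristics are assumptions for illustration, not indicators from the report.
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "perl", "ruby", "osascript"}
INLINE_FLAGS = {"-c", "-e"}  # program text passed on the command line
TEMP_ROOTS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def audit_agent(plist_bytes):
    """Return the reasons a launch agent plist deserves manual review."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    args = [str(a) for a in (job.get("ProgramArguments") or [job.get("Program", "")])]
    reasons = []
    if Path(args[0]).name in INTERPRETERS and INLINE_FLAGS & set(args[1:]):
        reasons.append("interpreter runs inline code")
    for a in args:
        hidden = any(p.startswith(".") and p not in (".", "..") for p in a.split("/"))
        if a.startswith("/") and (hidden or a.startswith(TEMP_ROOTS)):
            reasons.append("runs from hidden or temporary path: " + a)
    if reasons and job.get("RunAtLoad"):
        reasons.append("RunAtLoad set: starts when the agent loads at login")
    return reasons

def scan(dirs=("~/Library/LaunchAgents", "/Library/LaunchAgents")):
    """Audit every plist in the given launch agent directories."""
    findings = {}
    for d in dirs:
        for f in sorted(Path(d).expanduser().glob("*.plist")):
            reasons = audit_agent(f.read_bytes())
            if reasons:
                findings[str(f)] = reasons
    return findings

# Constructed samples: labels and paths are made up for this example.
SUSPECT = plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
    "ProgramArguments": ["/bin/sh", "-c", "/Users/Shared/.helper/run.sh"]})
BENIGN = plistlib.dumps({"Label": "com.example.sync", "RunAtLoad": True,
    "ProgramArguments": ["/Applications/Sync.app/Contents/MacOS/sync", "--agent"]})

if __name__ == "__main__":
    for path, reasons in scan().items():
        print(path, reasons)
```

A flagged agent is a prompt for manual review, not a verdict, since legitimate software also installs launch agents that run scripts.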

Code obfuscation is a common trick used by developers to let apps fly under the radar of several security checks that app stores have in place on popular platforms. Recently Google made changes to its policy to prevent any apps with obfuscated code from being published on any of its platforms. It is likely that other software marketplaces like App Store and Microsoft Store will follow suit.

The developers of the app have not yet commented on the issue, and no contact information is available for them, which makes the app look suspicious. It is entirely possible that the app was created to distribute the trojan.
