Cybersecurity publications again raised an alert about cryptocurrency malware on Monday, October 29, after a Malwarebytes forum user reported that a price tracking application for macOS was a trojan.
According to a blog post by the cybersecurity software developer confirming the finding, community member 1vladimir reported suspicious behavior from an app called CoinTicker over the weekend.
The application claims to let users monitor cryptocurrency prices from the Mac toolbar, which is automatically updated.
"Although this feature seems to be legitimate, the app is not really good in the background, without the user's knowledge," explains the Malwarebytes blog post, adding:
"Without any sign of problems, such as authentication requests for the root, there is nothing to suggest to the user that something is wrong."
After further inspection, it became clear that CoinTicker contained a script that would download two backdoors onto the host machine, allowing a remote party to take control of it.
The GitHub repository from which the CoinTicker malware downloaded the backdoors has since been deleted, according to the technology magazine Bleeping Computer.
In its analysis, the publication suggests that the app may have been developed exclusively to distribute the trojan.
While it is not known how many machines the malware has infected in the few days since its discovery, the episode is a further reminder of the voracity of attackers who target cryptocurrency investors.
As often reported by Cointelegraph, malware continues to emerge, often in the form of hidden cryptojacking scripts or even schemes that empty wallets.
Earlier this month, Google decided to remove all extensions with so-called obfuscated code – a feature that masks their purpose – from its Web Store in an attempt to combat the problem.