Mac users have long touted their computers as better than Windows-based computers because of the greater level of security they provide. However, a number of recently recorded cases are beginning to show cracks in that theory. Several cases of high-profile malware have been discovered on macOS computers, and another has just been found.
Thomas Reed, Malwarebytes Director of Mac and Mobile, recently published a blog post about the discovery of a problem with the CoinTicker cryptocurrency tracking application. His investigation began after the problem was reported by a Mac user, which led Reed to write the blog post and discuss the problem on Twitter. He said: "A crafty contributor to our forums going by the handle 1vladimir noted that an app called CoinTicker showed some fishy behavior on weekends. It appears that the app is secretly installing not just one, but two different backdoors."
CoinTicker is an app that allows users to monitor a number of cryptocurrencies, including Bitcoin BCH, Bitcoin Core, Ethereum and more. It collects data from a number of exchanges and then displays it in an easy-to-use format so that users can see how markets move.
What users did not know, however, is that the app also included malware, which was more than likely added to the application in order to gain access to cryptocurrency portfolios. CoinTicker contains EggShell and EvilOSX, two types of malware that allow remote access to a computer to perform any number of functions, depending on how they are configured.
When he started looking into the problem, Reed believed that CoinTicker's website could have been compromised and the legitimate app replaced with an infected version. However, as he dug deeper, he began to discover clues that led him to believe that the app might not have been legitimate from the beginning.
Reed explained: "First, the app is distributed via a domain called coin-sticker.com. This is close to, but not quite the same as, the app name. Getting the wrong domain name seems terribly sloppy if it were a legitimate app. Adding further suspicion, it seems that this domain was just registered a few months ago on July 13th."
The malware runs as soon as a user logs in to the computer. It runs hidden in the background and does not require special permissions, not even root.
Malwarebytes offers a tool that identifies CoinTicker as OSX.EvilEgg malware. Anyone who has installed the app should scan their computer and remove any instances of CoinTicker. Above all, do not install anything that does not come from a reliable source.