CoinTicker — crypto malware warning for Mac users

Image for post
Image for post

Cybersecurity firm Malwarebytes has issued a warning to Mac users regarding a cryptocurrency ticker application called CoinTicker that appears to be installing two backdoors on Apple Macs.

What is the malware doing?

The app downloads and installs parts of two different pieces of malware — EvilOSX and EggShell — both of which are backdoor applications that can be used to log keystrokes, steal data or execute certain commands. Malwarebytes directors say it is possibly being used to steal cryptocurrency keys.

As you might expect, the Cointicker app looks harmless, and offers a service where users can ask for the price of bitcoin, ethereum, monero, zcash and others. However, with it comes the two pieces of malware.

Furthermore, because the app doesn’t need any root or other elevated permissions, the user is unlikely to see any sign of infection.

Malwarebytes’ director of Mac and Mobile Thomas Reed told the media that it was unclear what the app’s creators were trying to achieve, but said he believes “it seems likely that the malware is meant to gain access to users’ cryptocurrency wallets for the purpose of stealing coins.” The fact that the malware is being distributed through a crypto-related app supports his theory.

So, please be careful if you’re a Mac user!

Written by

A blockchain platform that will take banking to another level

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store