Cybersecurity firm Malwarebytes has issued a warning to Mac users regarding a cryptocurrency ticker application called CoinTicker that appears to be installing two backdoors on Apple Macs.
What is the malware doing?
The app downloads and installs parts of two different pieces of malware — EvilOSX and EggShell — both of which are backdoor applications that can be used to log keystrokes, steal data or execute certain commands. Malwarebytes directors say it is possibly being used to steal cryptocurrency keys.
As you might expect, the CoinTicker app looks harmless, and offers a service where users can ask for the price of bitcoin, ethereum, monero, zcash and others. However, the two pieces of malware come with it.
Furthermore, because the app doesn’t need any root or other elevated permissions, the user is unlikely to see any sign of infection.
Malwarebytes’ director of Mac and Mobile, Thomas Reed, told the media that it was unclear what the app’s creators were trying to achieve, but said that “it seems likely that the malware is meant to gain access to users’ cryptocurrency wallets for the purpose of stealing coins.” The fact that the malware is being distributed through a crypto-related app supports his theory.
So, please be careful if you’re a Mac user!