The Cointicker App for Mac has been discovered to install a pair of malware backdoor apps alongside the application itself. This was found by the Malwarebytes Labs team, which investigated after noticing strange behavior from the app in the background. The application's functionality is not affected by this, but in the background many things are happening.
The Cointicker App
Cointicker apps are very popular in the cryptocurrency world. These are apps that let you follow the price of your favorite cryptocurrencies to know the price of the asset at the moment, and act accordingly.
Anyone who has invested in cryptocurrencies has stood worried or glad in front of a PC monitor running one of these apps, or directly in front of an exchange on the internet. The Cointicker App for Mac replicates this functionality, but it brings worries not because of the prices, but because of what lies beneath.
A user on the Malwarebytes Labs forum found that the application had quirky behavior behind the scenes and started investigating it. He found that the application, while indeed legitimate in its functionality, also installed two malware applications that opened backdoors on the infected computers.
The application was found to install two known malware backdoors along with its setup: EggShell and EvilOSX. EggShell is a very dangerous surveillance tool that allows the attacker to take control of the infected computer in very invasive ways: it gives the attacker control of and access to the user's filesystem, microphone, keystrokes, and even the camera.
EvilOSX is a tool in the same vein as EggShell, with the difference that this malware includes, as a feature, fake security prompts to quickly acquire the user's root password, as well as uploading and downloading files from the infected host.
The fact that this app installs not one, but two remote administration tools speaks to the virulence of the intended attack. The attackers also used social engineering by distributing this malware inside a cryptocurrency app.
Working For Profits
It is clear that the objective of embedding these two malware apps in the Cointicker App for Mac was to place them on the computers of cryptocurrency enthusiasts who are probably invested in cryptocurrencies, and who are more incentivized to download this app because of the functionality it provides.
Then, when these users accessed their wallets, the hackers would copy their keys in order to access their accounts and take their cryptocurrencies away. The app has already been flagged as malware, but there is no way of knowing how many people were affected by this.