CoinTicker Installs Backdoors To Control Host Computers

Cybersecurity publications were sounding the alarm over cryptocurrency malware again after a Malwarebytes forum user reported that a price-tracking app for macOS was a trojan.

As confirmed in a blog post by the cybersecurity software developer, Vladimir, a community member, reported suspicious behavior by an app called CoinTicker over the weekend.

The app reportedly lets users follow cryptocurrency prices from within the Mac toolbar, which updates automatically.

The blog post explains: “Although this functionality seems to be legitimate, the app is actually up to no good in the background, unbeknownst to the user.”

“Without any signs of trouble, such as requests for authentication to root, there’s nothing to suggest to the user that anything is wrong.”

After further investigation, it became clear that CoinTicker had a script that would download two backdoors onto the host machine, enabling a remote party to take control of it.

The GitHub repository from which the CoinTicker malware downloaded the backdoor was deleted a long time ago.

Based on its own research, the publication suggests the app could have been developed specifically to distribute the trojan. Although the number of machines the malware has infected since it was discovered is unknown, the incident is also a reminder of the voracity of hackers targeting cryptocurrency investors.

As Cointelegraph has reported before, malware has continued to surface, often in the form of hidden crypto mining scripts or even schemes that empty mobile or other hot wallets.

This month, Google sought to remove from the web store all extensions with obfuscated code, which hides their intent, in an effort to fight the issue.

 
