First, the app is distributed via a domain named. This is close to, but not quite the same as, the name of the app. Getting the domain name wrong seems awfully sloppy if this were a legitimate app. Adding further suspicion, it seems that this domain was just registered a few months ago on July 13.
Since the malware is distributed through a cryptocurrency app, however, it seems likely that the malware is meant to gain access to users’ cryptocurrency wallets for the purpose of stealing coins.

At first, this looked like it could have been a supply chain attack, in which a legitimate app’s website is hacked to distribute a malicious version of the app. However, on further inspection, it looks like this app was probably never legitimate to begin with.
When launched, however, the app downloads and installs components of two different open-source backdoors: EvilOSX and EggShell. The app executes a shell command to download a custom-compiled version of the EggShell server for macOS.

Analysis of the malware doesn’t reveal exactly what it is up to – it essentially creates backdoors that can be exploited in a wide range of different ways – but the company thinks the goal isn’t hard to guess.

Although it’s unknown exactly what goal the hacker behind this malware had in mind, both EggShell and EvilOSX are broad-spectrum backdoors that can be used for a variety of purposes.