Backdoor Installation in Cryptocurrency App

https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/

An app named CoinTicker was discovered to be creating backdoors on users' Mac devices. When installed, the app installs two open-source backdoors, EvilOSX and EggShell. Normally, when an app installs something, the user is notified through a request for permission to access the root directory; CoinTicker sidesteps this by never attempting to access the root directory. It can be assumed that the backdoors would be used to steal any information relating to the user's cryptocurrency wallet. The app was never legitimate to begin with: it was distributed through a website with a similar but misspelled name, and that website was deployed back in July. This is a prime example of why you should always double-check the legitimacy of whatever you're downloading, and of the fact that an app doesn't need root access to do major damage to you.
