Crypto trojan leaves Mac users on high alert

The question of Macs and malware once again raised its ugly head last week with news that a seemingly innocuous cryptocurrency ticker was being used to gain access to and take control of Mac computers.

The malware was discovered at the end of last month, when a member of the Malwarebytes community identified a trojan after spotting suspicious activity by the Cointicker app. Within hours, dozens of cybersecurity websites had picked up the rallying call and were sounding the alarm.

What is Cointicker and what is it doing?

These are questions that everyone is still seeking to fully answer. The huge interest in Bitcoin, Ethereum and so on has led to an explosion of apps, most of which are above board, secure, externally audited and provide valuable insights into the cryptocurrency market. Inevitably, though, there are always some that are less transparent and do not have the user’s interests at heart. Cointicker seems to fall into the latter category.

On the face of it, it looks like a simple little tracker that provides up-to-the-minute price information. When downloaded, it adds a widget to the menu bar that shows price movements as and when they happen. So far so good, but deeper investigation has found that the app is also doing something else in the background.

When launched, the app downloads and installs two different backdoors that are well known in the malware community, namely EggShell and EvilOSX. As yet, it is unclear just how many people have been affected, or indeed how long Cointicker has been quietly infecting machines in this way.

An even bigger question is where the malware originated from. The functionality of Cointicker is effective and accurate, but it has so far proved impossible to find out who developed the software. The website for the app provides only a download button and no contact details. There is the inevitable speculation, therefore, that rather than being compromised by external attackers, the app itself was created with malicious purposes in mind.

Mac security in the spotlight

For years, Mac users have sat back, confident that they are practically immune from malware and viruses, and looked on in amusement as their Windows-using friends fight a constant battle. However, recent months suggest that these days might be drawing to a close.

Back in August, another malware scare hit the headlines. Again it concerned the cryptocurrency sector, and again it specifically targeted Mac users. On that occasion, the culprit was Lazarus, a well-known collective of hackers based in North Korea that has made a lucrative career out of stealing cryptocurrency.

Again, the malware got in through a crypto app that had been either compromised or created specifically as a false front for the organized crime gang.

The message is clear. Mac users can no longer assume that their operating systems are naturally immune, and those trading in cryptocurrency need to be especially vigilant and ensure their machines, as well as their digital coins, are adequately protected.