Crypto Price Tracking App CoinTicker Installs Backdoors to Control Host Computer: Report

Published at: Oct. 30, 2018

Cybersecurity publications were sounding the alarm over cryptocurrency malware again Monday, Oct. 29, after a Malwarebytes forum user reported that a price monitoring app for macOS was a trojan.

Community member 1vladimir reported suspicious behavior by an app called CoinTicker over the weekend, a report the cybersecurity software developer confirmed in a blog post.

The app purports to let users track cryptocurrency prices, which update automatically, from within the Mac toolbar.

“Although this functionality seems to be legitimate, the app is actually up to no good in the background, unbeknownst to the user,” Malwarebytes’ blog post explains, adding:

“Without any signs of trouble, such as requests for authentication to root, there’s nothing to suggest to the user that anything is wrong.”

Upon further inspection, it became clear CoinTicker contained a script that would download two backdoors onto the host machine, allowing a remote party to take control of it.

Tech magazine Bleeping Computer meanwhile notes that the GitHub repository from which the CoinTicker malware downloaded the backdoors has since been deleted.

In its own analysis, the publication suggests the app could well have been developed purely to distribute the trojan.

While it is unknown how many machines the malware has infected in the few days since its discovery, the episode is a further reminder of the voracity of attackers targeting cryptocurrency investors.

As Cointelegraph has frequently reported, malware continues to surface, often in the form of hidden crypto mining scripts or even schemes that empty mobile or other hot wallets.

Earlier this month, Google opted to remove all extensions with so-called obfuscated code – a feature which masks their purpose – from its Web Store in an effort to combat the problem.
