A cryptocurrency ticker application called CoinTicker appears to be installing two backdoors on Apple (NASDAQ:AAPL) Macs, cybersecurity firm Malwarebytes warned Monday.
The app downloads and installs parts of two different pieces of malware – EvilOSX and EggShell – both of which are backdoor applications that can be used to log keystrokes, steal data or execute certain commands. Malwarebytes director of Mac and Mobile Thomas Reed wrote that it is possible the malware was designed to steal cryptocurrency keys.
CoinTicker acts as a legitimate application designed to present the price of a selected cryptocurrency on request. The user installing the app can choose between bitcoin, ethereum, monero, zcash and others, according to a screenshot. However, the app also installs EvilOSX and EggShell in the background.