Thomas Reed is the Director of Mac and Mobile analysis and research at the renowned Malwarebytes and an expert at his job. We certainly don’t expect anything less than the best from Malwarebytes, do we?
Reed casually dropped the news of a dangerous piece of malware that was identified by a Malwarebytes forum user, possibly Russian given that the user ID is Vladimir. The malware, disguised under the name CoinTicker, activates different backdoors on Mac machines.
Well, the cue was enough for Reed to get started. He says he spent his Sunday afternoon and evening analyzing the malware and then writing a blog post about the latest reveal.
Just spent my Sunday afternoon and evening analyzing some new Mac malware and working on a blog post. The life of a security researcher…
(And, of course, I enjoyed every minute of it.)
Post coming soon!
— Thomas Reed (@thomasareed) October 29, 2018
Reed later revealed in the blog post that the malware is a silent killer that acts behind the facade of a virtual currency tool offering quick access to currency pricing from the toolbar.
The problem lies in the very nature of the tool: it installs two open-source backdoors, EvilOSX and EggShell, that can give hackers and crackers access to your computer, thereby compromising your security.
Backdoors were initially introduced by programmers as a fail-safe mechanism to regain access to their software in case of a breach. Over the years, hackers and intelligence agencies have installed backdoors into open-source software to gain silent, illegal access to a user’s computer.
CoinTicker appears to be a conscious effort to install backdoors on a user’s computer in order to gain administrative access, though it is disguised innocently in open-source backdoors, making it look like an honest mistake.