![]() Thanks to Thomas Reed for additional information, as well as his original report. I would expect Apple to revoke that certificate very shortly, and to add this to existing malware protection. The developer certificate used for this is owned by Andrej Sevostopol, with an ID of 49LJX6DH22. Needless to say, Malwarebytes already detects this and its component OSX.EvilEgg. As far as I am aware, no property list in that folder should ever have a name which starts with com.apple., and that should always make you suspect the presence of malware.įull details of this are in Thomas Reed’s article on the Malwarebytes Labs website. ist, which will normally be invisible, and. Telltale indicators of their presence include two files installed in your ~/Library/LaunchAgents folder. These connect to remote servers, and its not yet clear what they aim to do. ![]() In addition to displaying information about cryptocurrency markets, it downloads and installs two items of malware: EvilOSX and EggShell. This is posing as a legitimate app for those who trade in cryptocurrency such as Bitcoin. Thomas Reed, of Malwarebytes, has just reported new malware which affects macOS: an app currently going under the name of CoinTicker, which has a valid developer signature.
0 Comments
Leave a Reply. |