CoinTicker

CoinTicker is a deceptive piece of malware that, on the surface, appears to be a legitimate application potentially useful for cryptocurrency investors. However, this software is designed to exploit and damage your computer or device, infiltrating the system through seemingly innocuous downloads, emails, or websites. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Notably, CoinTicker does not require anything beyond normal user permissions, making it particularly insidious. The CoinTicker app also establishes a user launch agent, named .espl.plist, which periodically runs the same command, thereby ensuring its persistent presence on the infected device. This aspect of the malware allows it to continuously monitor and interfere with the user's activities. Like many other malware and adware families, including Shlayer and Bundlore, CoinTicker uses the built-in utility curl to download its payload, further demonstrating its sophisticated design. In response to the threat posed by CoinTicker, Malwarebytes for Mac has updated its detection capabilities to identify and remove this malicious application, along with the other components of the malware, under the designation OSX.EvilEgg. This proactive step aims to protect users from the potential harm caused by CoinTicker, ensuring the safety and integrity of their systems and personal information.