Handcash开发者推出比特币现金开发工具包Cashport







Handcash钱包的创建者发布了一款免费的软件开发工具包(SDK)Cashport, 供那些想把BCH网络应用到APP和网站上的程序员使用。这款名为Cashport的SDK是一个基于比特币现金网络、开源的小额支付系统,适用于Android操作系统以及可以整合到多种服务的Web Typescript。
推荐阅读:Nchain收购比特现金应用Handcash大部分股权

Cashport:一个新的比特币现金网络软件开发工具包

cashport-logo--300x54Handcash开发者为程序员发布了一个新工具Cashport,可使用比特币现金(BCH)进行小额支付。Cashport是一个使用比特币现金网络作为支付渠道并连接到Handcash钱包的系统。Cashport为Handcash钱包用户提供一键登陆服务,服务本身不收取任何费用,只收正常的比特币现金(BCH)网络费用。另外,这项服务不托管私钥,这意味着应用程序或Web服务永远不会持有用户资金。Reddit上有人问道,Cashport是不是像Cash ID和Money Button一样?团队的产品设计师Alex Agut回答说,“这是看待它的一种角度。”

“但(Cashport)也适用于手机应用和游戏——Cashport的目标是创建一个生态系统,让你的钱可以在成千上万的游戏和应用之间流动。”Agut在Reddit上解释道,“只需一个账户——不需要充值或提现、复制和粘贴或者扫描二维码——资金会流动。”

scom112-696x152

Agut表示,所有服务都与用户的Handcash钱包绑定,SDK还可用于开发游戏和移动应用程序。他还指出,这项工具会在后台默默工作,开发者就可以专注于API和UI。例如,社交媒体的打赏、在游戏里支付的钱、还有按分钟付费的模式。

“我们希望以一种非常简单的方式,让开发者和企业在不需要比特币知识的情况下就能实现小额支付。”Agut解释道。

uytrerrefwbs-523x420
Cashport支持一键登录Handcash钱包的handle系统。

Alex Agut:“API可以应用于任何交互或事件”

目前,SDK可用于Android和web typescript系统,两者都是在开放标准MIT许可下在Github上开源的。Cashport网站指出,iOS版本的代码库也将在不久发布。Handcash钱包的用户只需要一键登录,Handcash“handle”识别系统和钱包数据就会推送到开发者的应用。

Handcash开发者认为,Cashport系统是比特币现金货币化的一个重要组成部分。该平台的创建者表示,程序员现在可以专注于搭建高质量的内容。该团队表示开发者可以访问Cashport网站,获取部分API密钥,部署SDK,“货币将变得从未如此简单”。

发文时比特币现金价格:¥3062.52

你觉得Cashport SDK怎么样?欢迎在下面发表您对这一主题的看法。


图片来自Cashport、Handcash和Shutterstock。


需要换算你持有的比特币?欢迎使用我们的工具

原文链接:https://news.bitcoin.com/handcash-developers-launch-cashport-a-developer-kit-for-bitcoin-cash/
作者:Jamie Redman
翻译:Bitcoin.com







市场行情:BTC现货市场不受CME结算影响,Pantera首席执行官评论周期性情绪



加密货币市场相关的新闻:最近CEM期货合约的结算似乎对BTC现货价格的影响很小;Pantera Capital的首席执行官分享了他对ICO前景的展望,10月已经成为2018年最稳定的月份,截止撰稿时,只有一天价格的波动幅度超过了5%。
推荐阅读:2018年世界支付报告:新兴市场的非现金交易大幅增长

CME期货的结算对价格的影响很小

shutterstock_336658820-300x200最近CME比特币期货的结算似乎对现货市场的影响很小,有很多分析师推断,CME合约到期结算不会对比特币的价格产生重大影响。

许多分析师将期货市场明显缺乏影响力归咎于交易量不足。CME第三季日均成交量为5,000份合约,尽管较上季的3,500份增加了43%,但与第二季CME其他产品1,800万份合约相比,仍相形见绌。

丹·莫尔黑德:比特币现在“买一送二”

Dan-Morehead-Pantera-Capital-284x300-284x300-284x300在最近的加密货币投资峰会上,Pantera Capital首席执行官丹•莫尔黑德(Dan Morehead)在接受CNBC Crypto Trader的Ran Neu-Ner采访时,分享了他对当前加密货币熊市趋势以及围绕加密货币市场的周期性情绪的看法。

关于比特币和加密货币目前的价格表现,莫尔黑德说:“我认为这将持续几十年。我从2011年就开始涉足比特币,已经经历了几个这样的周期,在市场情绪完全释放前,还会有十几个周期,所以你必须以几年时间为跨度进行投资。”

“人性是顺周期的,”他继续说,“当市场在12月处于最高点的时候,FOMO的恶魔在你耳边低语……你非常想买,然而现在价格下降,你不会想要告诉你的另一半,你想买一个已经跌破70%的东西,因为这看起来很疯狂,但这实际上却是买入的良机。”

谈到Pantera对ICO的立场,摩尔黑德表示:“2013年Mastercoin(万事达币)出现,以及2014年以太坊问世以来,ICO就一直存在,并持续了很长一段时间,我们的基金很久以前就开始每月投资一两个ICO项目……去年5月ICO爆发,我们一周能看到有50个国内的代币项目,并表示“现在已经回归正常,每个月会有一两个真正有意思的项目。”

10月BTC日波动率达到2018年最低

截至本文撰写时,10月是2018年波动最小的一个月,只有一天价格波动幅度超过5%。

bloomchart-696x407 (1)

到目前为止,10月似乎已经击败了5月、6月、8月和9月,其中只有三个月的价格涨幅在5%以上。截至撰稿时间,2018年BTC价格波动幅度在一个月内超过5%的平均天数是4.7天。

发文时比特币现金的价格:¥3041.03

你是否认为市场早该有大动作?在下方分享你对价格走势的预测吧!


图片由Shutterstock和Bloomberg提供。


Bitcoin.com有很多免费的实用工具。例如,点开我们的工具,可以查找过去某笔交易的汇率,换算你持有的币值,创建纸钱包等等。

原文链接:https://news.bitcoin.com/markets-cme-settlement-pantera/
作者:Samuel Haig
翻译:Bitcoin.com



监管资讯:美国法官警告马来西亚公民投资需谨慎;加密货币竞选捐款需要政治监督







近日的监管新闻:美国公共廉政中心的一份报告探讨了加密货币捐款有可能会混淆政客资金来源的问题;一位美国法官已敦促马来西亚公众在考虑投资加密货币时进行尽职调查;一份由IBM Blockchain和国际货币金融机构官方论坛(OMFIF)发布的报告发现,各国央行在短期内不太可能采用国家性的加密货币。
推荐阅读:日本监管者:根据现行法律,稳定币不是加密货币

加密货币竞选捐款和捐赠者的透明度

shutterstock_1120297157-300x300公共廉政中心(Center for Public Integrity and Politico)发布的一份报告试图研究加密货币捐赠是否成为政客捐款透明度所面临的一项独特挑战。

这项研究调查了20位不同政治派别的候选人,他们都曾接受或请求过加密货币竞选捐赠。该报告称,其中至少有三名候选人是在已经禁止加密货币捐赠的州竞选公职。

加密货币分析师约瑟夫·阿吉罗(Joseph Argiro)曾强调,美国需要“对(加密货币)竞选捐款进行政治监督。”尽管如此,阿吉罗指出,“这个行业还是个新行业,监控工具仍在开发当中。”

美国法官提醒马来西亚公众谨慎投资加密货币

shutterstock_1163027563-300x200在马来西亚举行的“人类安全数字时代的网络安全(Cybersecurity in a Digital Era of Human Security)”会议上,美国马里兰州地区法院的法官保罗•格林(Paul Grimm)劝诫马来西亚公民在考虑投资加密货币时要谨慎,同时要进行尽职调查。

格林警告说,加密货币“市场随着波动变化,并不受国家银行的专业人士控制,”并补充道:“加密货币不由国家银行体系支持,没有任何机构可以通过监管政策介入,给其“降温”或“升温”。

格林表示:“如果你将加密货币视为一种投资,你应该就这种货币如何估值、价值波动以及如何处理与这种投资相关的风险进行尽职调查。”

报告发现,各国央行对于发行国家加密货币犹豫不决

shutterstock_1092369068-300x200IBM Blockchain和OMFIF就央行对于发行数字货币的意见进行了一项联合调查,并公布了调查的结果。

今年7月至9月,有21家参与OMFIF调查的央行向这份报告提供了反馈。结果显示,38%的机构正在积极“研究或试验大量发行一种数字货币,为他们的即时支付结算系统的未来升级提供资料。”剩下62%的机构没有研究过由央行发行数字货币。69%的受访者表示“当前的跨境流程存在重大问题。”

调查发现,76%的机构不确定“分布式账本技术是否能够达到理想状态,尤其是在监管这样的领域。”同时表示,超过三分之一的机构现在发现,把区块链技术整合到现行操作流程的前景并不乐观。

该报告称,“央行大量发行数字货币的试验表明,在部分情况下,在部分情况下,分布式账本技术的变体的表现超过现有银行间系统。”然而,它总结道,“技术发展成熟到可以满足央行对下一代即时支付结算系统的期待,还有很长高的路要走。”

发文时比特币现金的价格:¥3041.03

你认为央行会广泛采用分布式账本技术吗?在下方分享你的想法吧!


图片由Shutterstock提供。


Bitcoin.com有很多免费的实用工具。例如,点开我们的工具,可以查找过去某笔交易的汇率,换算你持有的币值,创建纸钱包等等。

原文链接:https://news.bitcoin.com/regulations-roundup-cryptocurrency-campaign-donations-us-judge-warns-malaysians/
作者:Samuel Haig
翻译:Bitcoin.com







Available Now: Ethereum Smart Contracts on the Hyperledger Fabric

Open-source proprietary protocol Hyperlegder, a highly-scalable blockchain solution that provides interoperability across a diverse set of enterprise blockchains, now supports the Ethereum Virtual Machine, as stated on a press release on October 26, 2018.

Ethereum Transactions on Hyperlegder

Hosted by the Linux Foundation, Hyperlegder is a business-focused, permissioned blockchain that is developed and maintained by industry leaders from several sectors, such as Airbus, Hitachi, FedEx, Intel, amongst myriad more companies.

With the latest development, Ethereum-based smart contracts and decentralized applications (dApps) can be deployed on the Hyperledger protocol, with the former being the first public blockchain to be used for the latter’s functioning.

Working in unison, the two robust blockchain protocols can provide significant advantages to clients and users, specifically to bring more customization to the operational process.

In a guest post for Hyperlegder, IBM’s Swetha Repakula explained the four “layers” that make the firm’s blockchain protocol; a dual ledger technology for data storage with public and private hashes stored on separate peer copies, altered consensus mechanism, an on-chain identity management program for trusted participants, and flexible contract functionality – in terms of the coding language used.

By supporting Ethereum, Repakula believes the broader “vision” of allowing developers to choose “what they want at those four levels” is made possible with smart contract functionality. In particular, the move allows developers to create dApps and decentralized autonomous organizations (DAOs) for a private, permissioned blockchain protocol. Also, existing dApps can be migrated with ease to Hyperlegder, using a simple process.

Bridging the Gap between Public and Private

Repakula describes the “next goal” of such a development is to optimize Ethereum’s other features to work on Hyperlegder, letting “any contract” work on the latter if desired by clients. In her view, the primary objective is to allow development and deployment of all Ethereum dApps on both private and public blockchains, without the need to develop both individually. Think of it as an application that works on both Android and iOS, without the need of producing two separate base codes.

Repakula adds:

“It might also be a useful step for the potential future of permissioned blockchains, which may eventually serve as a stepping stone between centralized systems and public blockchains, and so might benefit from commonalities like being able to run the same contracts.”

Her words have already been tested in a live-environment to satisfactory results. In April 2018 Spanish financial giant BBVA conducted a $91 million transaction to technology consulting firm Indra. While the loan was facilitated on the Hyperlegder protocol, a copy was time-stamped on the Ethereum blockchain, making the transaction’s occurrence a publically-viewable event but its details a private matter.

The New Effort to Get Bitcoin’s Lightning Network In Every Browser

Touted as a way to make the world’s most valuable cryptocurrency a more effective payment method, bitcoin’s lightning network has a rather large obstacle ahead – it’s still challenging, even risky, to set up and use.

It could become easier, though, should developers at the World Wide Web Consortium (W3C), the prestigious international group that creates standards for the web, have anything to do with it.

The work, which has been ongoing for several years (since standards take a long time to release), looks to make online payments easier, while giving users more choice by making a variety of payment methods available in web browsers using an API – and that includes the lightning network.

We’re talking browsers such as Google Chrome, Firefox and Microsoft Edge – big names everyone knows.

Sure, the W3C doesn’t have a horse in the race as it relates to which payment methods – from credit cards to Apple Pay to cryptocurrencies – are adopted most widely, but giving developers the option of adding lightning is a step towards making bitcoin’s layer-two more accessible.

Interest in cryptocurrency at the W3C’s Web Payments Working Group (where the browser API work is taking place) has been high for some time. But the W3C had trouble at first getting bitcoin developers and other cryptocurrency enthusiasts involved in the work.

However, with the help of only a few developers, cryptocurrency is looking compatible with the API. And, further than that, lightning is already compatible with the specification.

“All in all, we should be able to get bitcoin and lightning working with the [specification] without any major roadblocks,” prominent lightning developer Christian Decker told other developers in an email in August. In fact, Decker, an engineer at Blockstream, specifically joined the Web Payments Working Group to make sure bitcoin and lightning would not be missed.

Such a step would put lightning on a similar footing as more established online payment methods, Decker told CoinDesk, adding:

“This is exciting because switching between traditional payments and bitcoins and lightning payments could basically be a single click and make it easier for merchants to accept bitcoin alongside these traditional methods.”

Plus, there are other advantages to getting lightning into the specification.

Whenever a user enters their payment information, whether that’s their credit card number and expiration date or their lightning information, the API saves that information to the browser for easy payment the next time.

A passive strategy

Still, there is work to be done to make this happen.

For one, Decker said that a so-called “payment method ID” must be assigned to bitcoin and lightning before it can be a functioning part of the API.

“Currently only the basic-card identifier has been assigned, but we can apply for one eventually,” he said.

Decker seems in no rush. According to him, lightning developers are taking a passive approach, watching developments within the Web Payments Working Group “very closely” to ensure that lightning remains compatible.

“By being part of the working group we are in a position to raise objections should an incompatibility emerge and we [can] propose alternatives or improvements that better reflect the constraints that come from bitcoin and lightning being very unique payment systems,” Decker told CoinDesk.

It’s important to emphasize, though, that members don’t have to do anything as a part of the working group – it’s all rather voluntary.

And not everyone in the working group will necessarily have “crypto” top of mind. For instance, a bunch of companies contribute loosely to the W3C payment specifications, including the likes of Airbnb, Apple, Google, Facebook and Visa, companies that might be looking to push adoption of other, more obviously beneficial for their businesses, payment methods.

Decker is the sole lightning representative in the group of 172 participants.

As such, even though lightning is compatible, it’s still up to the browsers and merchants to actually add lightning support.

Still, Ian Jacobs, the W3C payments activity head, argued these types of payments will be an option, telling CoinDesk:

“The architecture is designed to enable new payment methods to be used on the web. That should include blockchain-based payment methods.”

Ready for the code?

Turning the W3C standards into code is another key step for pushing lightning into the browser.

Some browsers, including Chrome, Microsoft Edge (formerly Internet Explorer), Samsung browser and Safari have already put the API into practice, while Firefox uses it in “beta,” meaning it’s not quite stable yet.

But so far, none have adopted the cryptocurrency or lightning part of the specifications.

That’s likely partly because the specifications are still in progress. Not to mention, a developer needs to build the actual code implementation for the lightning payments, Decker said.

“I’m not aware of any real implementation, but that would be a very welcome development, and I’d be more than happy to support it,” he told CoinDesk.

One concern, though, is that lightning is so new and experimental, users have been known to lose money when sending a payment across the network. In other words, lightning still has a ways to go to even be safe to use – let alone easy. Bitcoin developer Sjors Provoost, who’s been thinking about how lightning in a browser might look, raised this concern in a comment on the project’s GitHub.

“Bitcoin and lightning wallets are much more involved than just storing a credit card number in a browser,” Provoost contended.

Yet Decker argued:

“I’d say that using bitcoin or lightning payments are probably safer than credit cards.”

Browsers image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

SBI Partners With Hitachi to Build Digital Payments Platform in India

Hitachi Payment Services, the Indian-based subsidiary of Hitachi, has entered a joint venture with State Bank of India for the establishment of a digital payments platform, pending regulatory approval. The announcement comes at a time when the Supreme Court asked the Indian government to state its policy towards cryptocurrency within two weeks.

Blockchain Enthusiast State Bank of India to Establish Digital Payments Platform With Hitachi

The Indian government-owned bank is one of the founding members of the consortium called BankChain, together with IBM, Microsoft, Skylark, KPMG, Deutsche Bank, and others. In November 2017, SBI partnered with Primechain Technologies to develop an enterprise solution for self-managing KYC protocols using distributed ledger technology.

Hitachi Payments will have a 26 percent stake in the joint venture, SBI Payment, in order to benefit from the dramatic increase of digital transactions in India. Hitachi will contribute to “Digital India” with innovative solutions using its IoT platform Lumada.

In late 2017, Hitachi and Mizuho Financial Group announced a proof of concept using blockchain in supply chain management built on Lumada. Regarding blockchain-related activities, Hitachi is also participating in Hyperledger, the multi-project open source collaborative effort hosted by The Linux Foundation.

Hitachi has agreed to accelerate the digitalization of financial services in the country by linking Lumada to the digital payments platform built together with the largest state-owned commercial bank. SBI has more than 420 million customers and more than 6,00,000 POS terminals.

Hitach Payments operates ATM managed services and POS processing services for over 55,000 ATMs and 850,000 POS devices across the country, as well as the card and digital acceptance payment network of SBI since 2011. India is in great technological expansion, according to Bharat Kaushal, Managing Director of Hitachi India.

“India is progressing towards becoming a knowledge economy with technology as the pivot. Hitachi is aiding in the development of India’s social infrastructure as well as giving a fillip to the economy. This mutually beneficial partnership with the financial giant SBI will allow us to widen our footprint pan India.”

In the meantime, India continues debating the legality of cryptocurrencies as trading platforms operate in a legal grey area. The Reserve Bank banned the banking system from dealing with digital currency operators, but the central bank has no power to make cryptocurrency trading illegal.

Ever since the April circular published by the RBI, there have been contradictory actions and statements taken by various government organizations. The Supreme Court of India has recently called the government to define its policy regarding the matter.

 

Image from Shutterstock

SME Funding Platform Investx Plans ‘Ethical’ ICO

/latest/2018/10/sme-funding-platform-investx-plans-ethical-ico/

SME Funding Platform Investx Plans ‘Ethical’ ICO

sme-funding-platform-investx-plans-ethical-ico

Initial Coin Offerings (ICOs) were all the rage in late 2017, allowing start-ups to access capital which would typically have been out of reach. By early 2018, their credibility as an investment tool was already faltering. Projects started failing. Scams and bad actors became prevalent. A new financial “Wild West” had emerged.

In an attempt to combat this trend, SME funding platform, Investx, announced this week that its public sale for the INX utility token is to be conducted as an ‘ethical ICO’.

Replicating a model first conceived by Holo, which completed an ethical ICO in April 2018 and raised $20 million to fund its distributed computing platform, Investx are hoping to also raise $20 million to fund a blockchain-based SME fundraising platform.

Abiding by three ICO principles the company describes as ‘ethical’, the Investx team believe that they’ll be able to reduce risk for potential investors and maximise the long-term value of the company’s token. ‘Ethical’ features include the creation of a reserve fund – reducing volatility and acting as a value floor – as well as implementing a sustainable token supply.

To support the new project, Investx have brought on board David Atkinson, a Director at Holochain, to advise and assist with the ICO:

ICO investors are looking for something extra these days – honesty, openness, accountability and moderation,” remarks Atkinson. “When we conceived the ethical ICO model for Holo, it was about giving investors assurances that we would keep to these principles. With Investx, we have evolved these ethical principles.

Thailand’s Main Regulatory Authority Warns Investors About Risky ICOs

Thailand’s main regulatory authority, the Securities and Exchange Commission (SEC), released a warning to investors regarding what it describes as “renegade ICOs.” The warning details multiple popular ICO projects that are operating in the country without any licensing, supervision, or registration.

The warning, which was first reported by the Bangkok Post, details how these renegade ICOs are heavily advertising in the region through multiple means (including social media, YouTube, and other advertisement venues) despite being unregistered with the SEC.

The warning specifically notes nine Initial Coin Offerings that are operating without the SEC’s approval, including: “Every Coin, Orientum Coin (ORT Coin), OneCoin and OFC Coin, Tripxchain Coin (TXC Coin), TUC Coin, G2S Expert ICO, Singhcom Enterprise ICO, Adventure hostel Bangkok ICO and Kidstocurrency ICO.”

Thailand has been one of the few countries to quickly move to regulate ICOs, first releasing their framework in 2017. Their ICO guidelines specifically state that:

“ICO fundraising needs to be done through an ICO portal approved by the SEC. The ICO acceptance criteria may include due diligence and screening of funders from dishonest people. The source code of the smart contract will automatically be enforced against the contract. After the sale, the SEC publishes a copy of the statement on the SEC website.”

Investors should be wary of any ICOs that haven’t sought out registration with the SEC, as the approval process is not arduous and delaying or refusing to obtain licensing is a red flag against investing in the projects.

Although investors are not banned from investing in the aforementioned ICOs, the securities watchdog does warn that “These digital assets have not applied for the SEC’s approval, and individuals who have been persuaded to invest in them should be cautious because there is a high investment risk.”

Because they lack regulatory approval, the securities watchdog also notes that there is nothing holding them accountable to providing their investors with accurate information regarding their project, finances, and qualifications.

Multiple ICOs and Platforms Are Currently Awaiting Regulatory Approval

The SEC also informed investors of which cryptocurrency-related platforms and ICO projects are currently awaiting approval.

“The six businesses seeking licences [sic] to operate as digital asset exchanges are Bitcoin Co (bx.in.th), Bitkub Online Co Ltd (bitkub.com), Cash2Coins Co Ltd (cash2coins.com), Satang Corporation Co Ltd (tdax.com), Coin Asset Co Ltd (coinasset.co.th) and Southeast Asia Digital Exchange Co Ltd (seadex.io).”

The report further notes that the Thai SEC is currently reviewing their applications, and that these platforms are legally allowed to operate because they submitted their applications within the allotted time frame following the introduction of the regulatory framework.

Investors in countries with regulatory frameworks for ICOs and cryptocurrency platforms should be wary of associating with these projects, as they may not be entitled to the same legal protections in the case that the platform or coin offering commits fraud against them.

Featured image from Shutterstock

Ripple Price Analysis: XRP/USD’s Downside Thrust and Reversal

Key Highlights

  • Ripple price declined sharply, but the $0.4340 support acted as a solid support against the US dollar.
  • There is a connecting bearish trend line formed with resistance at $0.4485 on the hourly chart of the XRP/USD pair (data source from Kraken).
  • The pair could find sellers near the $0.4485 and $0.4500 levels, but dips remain supported.

Ripple price declined recently against the US Dollar and Bitcoin. However, XRP/USD found a strong buying interest near $0.4340 and recovered nicely.

Ripple Price Analysis

There was yet another rejection noted near the $0.4600 level in ripple price against the US Dollar. As a result, there was a sharp downside move in the XRP/USD pair below the $0.4500 support. The price surpassed a major bullish trend line with support at $0.4550 on the hourly chart. Moreover, there was a break below the $0.4480 level and the 100 hourly simple moving average.

The decline was such that there was a spike below the $0.4340 support area. However, the price recovered sharply and moved back above $0.4340 and $0.4400. The current price action is positive above the 50% Fib retracement level of the last decline from the $0.4603 high to $0.4263 low. On the upside, the price may face sellers near the $0.4500 level. There is also a connecting bearish trend line formed with resistance at $0.4485 on the hourly chart of the XRP/USD pair. Besides, the 61.8% Fib retracement level of the last decline from the $0.4603 high to $0.4263 low is at $0.4473. Therefore, the price may find a strong selling interest near $0.4480 and $0.4500.

Ripple Price Analysis XRP Chart

Looking at the chart, ripple price is showing positive signs above $0.4400. If it declines once again, the $0.4340 support is likely to hold losses in the near term. To the topside, a break above $0.4500 is needed for an upside acceleration towards $0.4600.

Looking at the technical indicators:

Hourly MACD – The MACD for XRP/USD is back in the bullish zone.

Hourly RSI (Relative Strength Index) – The RSI for XRP/USD is back above the 50 level.

Major Support Level – $0.4340

Major Resistance Level – $0.4500

Malwarebytes Forum User Discovers a Crypto Tracker App That Secretly Installed Backdoors in Macs

News

Malwarebytes Forum User Discovers a Crypto Tracker App That Secretly Installed Backdoors in Macs


An astute Malwarebytes forums user recently noticed that a crypto price tracker application, called CoinTicker, covertly installed backdoors in Mac computers.


A recent blog post from Malwarebytes’ Thomas ReedDirector of Mac & Mobile, explains how a contributor on the Malwarebytes forum going by the name 1vladimir noticed an app called CoinTicker was secretly installing two different backdoors onto computers after download.

According to Reed, the webpage for application to the program heralds itself as “the best crypto-currency ticket for Mac,” since it lets users check out the prices of selected virtual currencies from the Mac menu bar.

The website displays information about prices for a number of supported cryptocurrencies, including Bitcoin (BTC) 00, Ethereum, and Monero.

Despite the seemingly innocent intentions on the surface, Reed explains how the application is “actually no good in the background,” since it, “downloads and installs components of two different open-source backdoors” upon launch.

Mac users are certainly not a stranger to crypto-related malware. In early July, Bitcoinist reported on a situation in which MacOS users who were chatting about cryptocurrencies on Slack and Discord were being targeted by attacks in an effort to get them to share malicious scripts.

Utilized to Gain Access to Cryptocurrency Wallets?

Reed explains how the backdoor components are called Eggshell and EvilOSX. He posts several screenshots in the blog post to show how the malicious programs embed themselves into a computer.

Lawrence Abrams of Bleeping Computer says the downloaded backdoors are customized versions of EggShell and EvilOSX that were taken from a now-offline GitHub repository.

Going further, Abrams writes how the EggShell and EvilOSX backdoors automatically start once a user logs into the Mac computer.

Reed notes how EggShell and EvilOEX are known as “broad-spectrum” backdoors that are able to be used for a number of different purposes.

He admits to not knowing for certain what the malware’s creator had in mind, but writes “it seems likely” it was being used to try and get access to a person’s digital currency wallet to steal funds.

Was the Application Even Remotely Legitimate?

According to the blog post, Reed first thought the scenario with CoinTicker was an example of a supply chain attack. This is where a “legitimate app’s website is hacked to distribute a malicious version.”

A Malwarebytes blog post from May 2017 details the story behind a supply chain attack on the Transmission torrent app, where it was hacked first to install the KeRanger ransomware, and then again to install the Keydnap backdoor.

However, Reed also muses the CoinTicker application might never have been legitimate from the start.

He points out how the website’s domain for the app, coin-sticker.com, was registered in mid-July and is not even the same name as the actual application.

Overall, Reed made a point about how the malware does not require anything other than “normal user permissions,” citing the scenario as a

Perfect demonstration that malware does not need such privileges to have high potential for danger.

What do you think about the situation with CoinTicker and the backdoor it has installed on Macs? Have you ever used the application? Let us know in the comments!


Images courtesy of CoinTicker, Shutterstock, Twitter (@thomasareed)