SecureMac Warns of New Bitcoin-Stealing Mac Trojan


SecureMac researchers are warning of a new Mac OS X Trojan called OSX/CoinThief.A (h/t Threatpost).

The malware comes disguised as "StealthBit," an app that claims to send and receive payments using Bitcoin Stealth Addresses, but instead monitors Web traffic in order to access Bitcoin wallet login credentials and steal Bitcoins.

"Upon running the program for the first time, the malware installs browser extensions for Safari and the Google Chrome web browser, without alerting the user," the researchers write. "The Web browsers are tricked into thinking that the user intentionally installed the extensions, and give no warning to the user that all of their Web browsing traffic is now being monitored by the malicious extensions. Additionally, the malware installs a program that continually runs in the background, looking for Bitcoin wallet login credentials, which are then sent back to a remote server."

The researchers say there are already several reports of stolen Bitcoins -- one Reddit user claims to have lost 20 Bitcoins, currently worth more than $13,000.

In response to that post, another user commented, "It's real problem right now for any novice to medium skilled tech person to secure your wallet. You need offline, dedicated, non-Windows systems to really keep it safe."