Bitcoin-stealing Mac malware found on popular download websites

Researchers at SecureMac have warned that they have discovered Bitcoin-stealing malware that is being distributed via CNet's popular website and MacUpdate (a rival to the official Mac App Store).

The malware, named OSX/CoinThief, steals information related to users' Bitcoin wallets and keys, and is said to have been found in trojanised versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit, and Litecoin Ticker. (Litecoin is an alternative digital currency.)

Bitcoin Ticker TTM

CoinThief installs an extension into its victims' Firefox, Chrome or Safari browsers, monitoring web traffic and attempting to intercept login credentials sent to many of the online Bitcoin exchanges and wallet sites. The information is then sent back to the malware authors via a remote server.

In an attempt to cover up their activity, the browser extensions disguise their true intentions by adopting innocuous names like "Pop-up blocker", and use generic descriptions such as "Blocks pop-up windows and other annoyances."

Because of this, even if you didn't remember installing the extension, chances are that it wouldn't necessarily raise your alarm.
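Since the disguise relies on a bland name and description, one defensive check is to sweep installed extension manifests for exactly those two strings. The sketch below is an added example, not code from SecureMac or the article; it assumes Chrome-style `manifest.json` files (including `__MSG_key__` localised names) under a directory you pass in, such as Chrome's `Extensions` folder inside the user profile. A match is a lead for manual review, since legitimate blockers may use similar wording, and Firefox and Safari package their extensions differently.

```python
import json
import tempfile
from pathlib import Path

SUSPECT_NAME = "pop-up blocker"  # indicators quoted in the article, lowercased
SUSPECT_DESC = "blocks pop-up windows and other annoyances."

def _load(path):
    """Parse a JSON file; return {} if it is unreadable, malformed or not an object."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def _resolve(value, ext_dir, locale):
    """Expand a Chrome __MSG_key__ placeholder from _locales/<locale>/messages.json."""
    if not (isinstance(value, str) and value.startswith("__MSG_") and value.endswith("__")):
        return value if isinstance(value, str) else ""
    messages = _load(ext_dir / "_locales" / str(locale or "en") / "messages.json")
    for key, entry in messages.items():
        if key.lower() == value[6:-2].lower() and isinstance(entry, dict):
            return str(entry.get("message", value))
    return value  # placeholder could not be resolved; report it as-is

def scan_extensions(root):
    """Return (manifest path, name, description) for manifests matching either indicator."""
    hits = []
    for manifest in sorted(Path(root).rglob("manifest.json")):
        data = _load(manifest)
        name, desc = (_resolve(data.get(k), manifest.parent, data.get("default_locale"))
                      for k in ("name", "description"))
        if name.strip().lower() == SUSPECT_NAME or desc.strip().lower() == SUSPECT_DESC:
            hits.append((str(manifest), name, desc))
    return hits

def demo():
    """Scan a constructed tree: one benign extension, one using the disguised name."""
    with tempfile.TemporaryDirectory() as tmp:
        benign, bad = Path(tmp, "aaaa", "1.0"), Path(tmp, "bbbb", "2.1")
        benign.mkdir(parents=True)
        (bad / "_locales" / "en").mkdir(parents=True)
        (benign / "manifest.json").write_text(json.dumps({"name": "Tab Sorter"}))
        (bad / "manifest.json").write_text(json.dumps({"name": "__MSG_extName__"}))
        (bad / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"extName": {"message": "Pop-up blocker"}}))
        return [(name, desc) for _, name, desc in scan_extensions(tmp)]

if __name__ == "__main__":
    print(demo())
```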

Clearly someone was able to dupe MacUpdate and CNet into accepting the bogus versions of the software, helping the online criminals to spread the malware to a wider audience.

Hopefully they will be more careful about vetting submissions in future, and will make efforts to confirm that developers and companies submitting software to their libraries are really who they say they are.

Mac users, of course, are something of a soft target as many of them still do not run any form of anti-virus software.

And without decent anti-virus software, what chance would the typical Mac user have against this Bitcoin-stealing malware?

Hang on to your hats everyone. Criminals love to go where the money is. And as more and more people experiment online with Bitcoin purchases, you can be sure that some hackers will be looking long and hard at how they might steal the digital currency away from them.


1 Comment on "Bitcoin-stealing Mac malware found on popular download websites"

October 21, 2015 5:47 pm

Whoops. I've uninstalled this just now. What other actions are required to be safe?