Mac trojan steals Bitcoins

Summary: An app which claims to send and receive payments on Bitcoin Stealth Addresses, OSX/CoinThief.A instead monitors traffic and steals Bitcoins.

SecureMac is reporting a new Mac trojan they call OSX/CoinThief.A. The malware targets Mac users and spies on web traffic to steal Bitcoins. They say the malware is in the wild and have received multiple reports of stolen Bitcoins.

The software was distributed through an app called "StealthBit" which, until recently, was available for download from GitHub. The source code did not match the precompiled version, and it was the precompiled version that contained the malicious payload. StealthBit purports to be an app to send and receive payments on Bitcoin Stealth Addresses.

The malware installs browser extensions for Safari and Google Chrome and a separate background program, all of which monitor all web traffic looking for login credentials for Bitcoin websites and wallet sites. It reports these credentials to a remote server. The browser extensions identify themselves as popup blockers.
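Because the extensions described above pose as popup blockers, a name alone says little; what an extension is allowed to read says more. The following is an added example, not code from SecureMac or from the original article: a Python audit that lists Chrome extensions whose manifests request access to every site. It assumes Chrome's on-disk layout of `<id>/<version>/manifest.json`; the extension ids and names in the sample are constructed, since the article names none.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read every page the user visits.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def all_site_patterns(manifest):
    """Return the all-sites patterns a Chrome manifest requests, sorted."""
    found = set()
    for key in ("permissions", "host_permissions"):
        found.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return sorted(found & ALL_SITES)

def audit(extensions_dir):
    """List (id, name, patterns) for extensions under <id>/<version>/manifest.json."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        patterns = all_site_patterns(manifest)
        if patterns:
            findings.append((path.parts[-3], manifest.get("name", "?"), patterns))
    return findings

def build_sample(root):
    """Write two constructed manifests (made-up ids and names, not indicators)."""
    samples = {
        "a" * 32: {"name": "Example Pop-Up Blocker", "version": "1.0",
                   "permissions": ["tabs", "<all_urls>"],
                   "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]},
        "b" * 32: {"name": "Example Notes", "version": "2.1",
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / manifest["version"]
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for ext_id, name, patterns in audit(tmp):
            print(f"{ext_id}  {name!r}  reads all sites via {patterns}")
```

On a Mac, pointing `audit()` at `~/Library/Application Support/Google/Chrome/Default/Extensions` checks the default Chrome profile. Legitimate blockers also request all-site access, so the output is a list to review against what the user knowingly installed, and Safari extensions are not covered.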

SecureMac cites a recent post on Reddit by a user who lost 20 Bitcoins, worth well over $10,000 US.

Topics: Security, Apple


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...