Mac trojan steals Bitcoins

Distributed in an app that claims to send and receive payments on Bitcoin Stealth Addresses, OSX/CoinThief.A instead monitors traffic and steals Bitcoins.

SecureMac is reporting a new Mac trojan it calls OSX/CoinThief.A. The malware targets Mac users and spies on web traffic to steal Bitcoins. SecureMac says the malware is in the wild and that it has received multiple reports of stolen Bitcoins.

The software was distributed through an app called "StealthBit" which, until recently, was available for download from GitHub. The source code version did not match the precompiled version, and it was the precompiled version that contained the malicious payload. StealthBit purports to be an app to send and receive payments on Bitcoin Stealth Addresses.

The malware installs browser extensions for Safari and Google Chrome, along with a separate background program. All of these monitor all web traffic, looking for login credentials for Bitcoin websites and wallet sites, and the malware reports these credentials to a remote server. The browser extensions identify themselves as popup blockers.

SecureMac cites a recent post on Reddit by a user who lost 20 Bitcoins, worth well over $10,000 US.