New Mac OS X Malware Steals Your Bitcoins

There’s a new piece of Mac malware that can spy on your web browser to steal your bitcoins.

The trojan, which was discovered by SecureMac on Sunday, is disguised as a downloadable Bitcoin app called “StealthBit,” which says it can send and receive anonymous bitcoin payments. The trojan horse is named “OSX/CoinThief.A.”

The malware’s author may be connected to reddit user “trevorscool,” who advertised StealthBit on reddit on February 1. That username is similar to the one used to upload StealthBit to GitHub—“Thomasrevor.” (At the time of this writing, the GitHub account for “Thomasrevor” has been deleted—but here’s a web cache from Google.) This same user advertised a similar Mac app called “BitVanity” in 2013, which also reportedly emptied out bitcoin wallets. According to more Google web caches, “trevorscool” has also been deleting old posts that invite people to download and use his new Bitcoin apps.

I’ve reached out to this individual and will update this story if we get a response.

A number of users have already reported infected systems. Over the weekend, one Reddit user claimed to have lost 20 bitcoins (worth upward of $12,000 at the time of writing) as a result of the “Coin Thief” trojan embedded in StealthBit.

The StealthBit app was first posted on the open-source repository GitHub, but the precompiled version of the app contained a malicious payload. When users download the app, the trojan quietly installs extensions into the Google Chrome or Safari web browsers (we’ve inquired about Mozilla’s Firefox), and then sifts through those browsers looking for login credentials for Bitcoin-related websites like Mt. Gox, BTC-e, and Blockchain. Once the “StealthBit” app finds a set of login credentials, it sends that information back to remote servers owned by the malware’s developer.

The data sent back to the developer’s remote servers isn’t limited to Bitcoin login information, however. The usernames and unique identifiers (UUIDs) of infected Macs are also transmitted, along with a list of any Bitcoin-related apps already installed on the system.

If you’ve already downloaded the StealthBit app, it’s important to isolate the extensions that spy on your browser’s activity to prevent data theft or loss. The author of this malware gave the extensions the name “Pop-Up Blocker,” with the description “Blocks pop-up windows and other annoyances.” If you find these extensions in your browser, delete them, and report the issue directly to Apple.
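One way to check Chrome for the extension described above, as an added example that is not code from this article or from SecureMac. It assumes Chrome's default per-user data directory and on-disk extension layout on OS X; the helper names and the sample profile are constructed for illustration, and Safari is not covered.

```python
import json
from pathlib import Path

# Name and description the article says the malware author gave the extensions.
IOC_NAME = "Pop-Up Blocker"
IOC_DESC = "Blocks pop-up windows and other annoyances."
# Assumption: Chrome's default per-user data directory on OS X.
CHROME_DIR = Path.home() / "Library/Application Support/Google/Chrome"

def resolve(value, ext_dir, locale):
    """Expand a __MSG_key__ placeholder from the extension's _locales folder."""
    if not isinstance(value, str) or not (value.startswith("__MSG_") and value.endswith("__")):
        return value if isinstance(value, str) else ""
    path = ext_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
        # Message keys are matched case-insensitively.
        return next((str(v["message"]) for k, v in messages.items()
                     if k.lower() == value[6:-2].lower()), "")
    except (OSError, ValueError, AttributeError, KeyError, TypeError):
        return ""

def find_suspect_extensions(chrome_dir=CHROME_DIR):
    """Return (extension id, version dir) pairs matching the reported name or description."""
    hits = []
    # Layout: <profile>/Extensions/<extension id>/<version>/manifest.json
    for manifest in sorted(Path(chrome_dir).glob("*/Extensions/*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            locale = data.get("default_locale", "en")
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest
        name = resolve(data.get("name"), manifest.parent, locale)
        desc = resolve(data.get("description"), manifest.parent, locale)
        if name.strip().lower() == IOC_NAME.lower() or desc.strip().lower() == IOC_DESC.lower():
            hits.append((manifest.parent.parent.name, str(manifest.parent)))
    return hits

def constructed_profile(root):
    """Build a constructed sample profile: one matching extension, one benign."""
    for ext_id, name in (("aaaa", "__MSG_appName__"), ("bbbb", "Notes")):
        d = Path(root) / "Default/Extensions" / ext_id / "1.0_0"
        (d / "_locales/en").mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "default_locale": "en"}))
        (d / "_locales/en/messages.json").write_text(json.dumps({"appName": {"message": IOC_NAME}}))

if __name__ == "__main__":
    for ext_id, path in find_suspect_extensions():
        print(f"review: {ext_id} at {path}")
```

A match is a lead to review rather than proof of infection, since a legitimate extension can use the same name.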

Speaking of Apple, we’ve reached out to the company to see if they’re aware of the reported trojan horse and what steps the company is taking to solve this issue. We’ll update the story as soon as we learn more.

Although OS X has long had a reputation as a secure platform, malware and adware attacks that target it have been on the rise over the last two years. In April 2012, more than 600,000 Mac computers were affected by the Flashback Trojan, which exploited several vulnerabilities in Java to similarly install itself onto users’ browsers without any action on the user’s part.

Last March, a piece of adware called the Yontoo Trojan was found installing itself directly onto users’ browsers as a plug-in, embedding third-party code onto any pages viewed by those users.

Lead image by fdecomite on Flickr. Right image courtesy of Wikimedia Commons
