Mac users are warned not to download pirated software from file-sharing peer-to-peer networks, as ESET researchers have discovered Bitcoin-stealing malware being spread via cracked apps.
The malware, OSX/CoinThief , was first discovered earlier this month and was found to steal login credentials related to various Bitcoin-related exchanges and wallet sites via malicious browser add-ons.
CoinThief was first spotted earlier this month by SecureMac researchers, who found it had been distributed via popular download sites such as Download.com and MacUpdate.com, disguised as trojanised versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit and Litecoin Ticker.
However, the malware experts at ESET labs have also seen OSX/CoinThief spread through torrents as cracked versions of the following popular Mac OS X applications:
- BBEdit – an OS X text editor
- Pixelmator – a graphics editor
- Angry Birds – a game of trebuchet-powered temperamental avian bombardment
- Delicious Library – a media cataloguing application
There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates.
The hackers behind the CoinThief trojan are trying to cash in on the current Bitcoin craze and fluctuating exchange rates by breaking into users’ digital wallets. As ESET’s research team has shown, Mac users who download and install pirated software from torrent sites are not only depriving developers of their rightful income, but putting their computers and finances at risk as well.
Whether you’re a Bitcoin-enthusiast or not, it’s essential that you protect your Mac with an up-to-date anti-virus product, and resist the temptation to download cracked and pirated software. Instead, go to a legitimate source – such as the developer’s own website or the Mac App store.
ESET researchers continue to analyse the malware, and will publish updates with any further developments.