New Mac Trojan virus mines bitcoins
In yet another reminder to owners of Apple Macintosh computers that their machines are not immune from viruses, a security firm has uncovered a new Trojan that mines Macs for bitcoins, an Internet-based currency.
SecureMac said the malware, which it dubbed OSX/CoinThief.A, is being "actively distributed" through legitimate sites, thus exposing hundreds of Mac users to malware.
"These variants of OSX/CoinThief contain similar functionality to previously known copies, but also include a browser extension for Firefox, which was not present in the earlier variants," it said.
It added that the malware is being distributed as price tickers for Bitcoin and Litecoin, which have been available on download.com since early December.
SecureMac said two variants it observed have the same name and developer information as two apps found in Apple's Mac App Store.
These apps have also been distributed on MacUpdate.com since early December, it added.
Meanwhile, SecureMac also discovered a new Trojan called OSX/CoinThief.A, which targets Mac OS X and spies on web traffic to steal Bitcoins.
"This malware has been found in the wild, and there are multiple user reports of stolen Bitcoins. The malware, which comes disguised as an app to send and receive payments on Bitcoin Stealth Addresses, instead covertly monitors all web browsing traffic in order to steal login credentials for Bitcoin wallets," it said.
It said infection initially occurs when a user installs and runs an app called "StealthBit," which was recently available for download on the open-source repository GitHub.
"A user posting over the weekend on Reddit, the popular discussion site, reported losing 20 Bitcoins (currently worth upwards of $12,000) to the thieves," it said.
It said the malware is disguised as an app to send and receive payments on Bitcoin Stealth Addresses, but instead acts as a dropper and installs browser extensions that "monitor all web browsing traffic, looking specifically for login credentials for many popular Bitcoin websites, including MtGox and BTC-e, as well as Bitcoin wallet sites like blockchain.info."
"Upon running the program for the first time, the malware installs browser extensions for Safari and the Google Chrome web browser, without alerting the user. The web browsers are tricked into thinking that the user intentionally installed the extensions, and give no warning to the user that all of their web browsing traffic is now being monitored by the malicious extensions," it said.
The malware also sends home information such as Bitcoin login credentials, the username and UUID (unique identifier) for the infected Mac, and the presence of Bitcoin-related apps on the system. — TJD, GMA News