Mac users are warned not to download pirated software from file-sharing peer-to-peer networks, as ESET researchers have discovered Bitcoin-stealing malware being spread via cracked apps.
The malware, OSX/CoinThief, was first discovered earlier this month by researchers at SecureMac, and was found to steal login credentials for various Bitcoin-related exchanges and wallet sites via malicious browser add-ons.
SecureMac's researchers found that the malware had been hidden inside trojanised versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit and Litecoin Ticker, and distributed through popular download sites including Download.com and MacUpdate.com.
However, the malware experts at ESET labs have also seen OSX/CoinThief spread through torrents as cracked versions of the following popular Mac OS X applications:
- BBEdit - an OS X text editor
- Pixelmator - a graphics editor
- Angry Birds - a game of trebuchet-powered temperamental avian bombardment
- Delicious Library - a media cataloguing application
There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates.
According to detection statistics gathered by the ESET LiveGrid, the threat is mostly active amongst Mac users based in the United States.
Whether you're a Bitcoin enthusiast or not, it's essential that you protect your Mac with an up-to-date anti-virus product, and resist the temptation to download cracked and pirated software.
Instead, go to a legitimate source - such as the developer's own website or the Mac App Store.
If you are unlucky enough to have been hit by the OSX/CoinThief malware on your Mac, there are some good instructions from SecureMac about how to conduct a manual removal. For more technical users, there is also a detailed analysis of the malware.
ESET researchers continue to analyse the malware, and will publish an update on We Live Security with any further developments.
Take care out there, folks.
Hat tip: Special thanks to ESET researcher Róbert Lipovský for his assistance with this article.