Bitcoin-Stealing OS X Trojan Now Masquerading as 'Angry Birds' and Other Popular Mac Apps

by

bitcoin.pngA Bitcoin-stealing trojan has been detected in downloads claiming to be cracked versions of popular Mac applications, reports security firm ESET through its We Live Security blog. The OSX/CoinThief.A malware was discovered in popular Bitcoin software earlier this month by SecureMac, but is now being used to target users of more mainstream apps.

The trojan initially surfaced on open source software hosting site GitHub, and it was quickly bundled into several Bitcoin apps available through multiple download sites. Further investigation by ESET has now uncovered the trojan masquerading as cracked versions of popular Mac apps such as BBEdit, Pixelmator, Angry Birds, and Delicious Library.

OSX/CoinThief.A involves a malicious browser add-on used to intercept logins for Bitcoin wallet sites and related exchanges such as MtGox, BTC-e, and blockchain.info. Stolen login credentials are then forwarded to the malware's developer.

There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates.

According to detection statistics gathered by the ESET LiveGrid, the threat is mostly active amongst Mac users based in the United States.

The websites where these files are being distributed from have not been revealed, but Mac owners can prevent infection by avoiding pirated software and downloading titles directly from the developer's website or the Mac App Store. Users can find instructions on how to check for and remove the malware on SecureMac's blog post.

Top Rated Comments

satcomer Avatar
satcomer
93 months ago
Pirated software users are surprised that some of these cracked software might be Trojan carriers?
Score: 28 Votes (Like | Disagree)
JetBlack7 Avatar
JetBlack7
93 months ago
Joke's on them, I own 0 bitcoins.
Score: 23 Votes (Like | Disagree)
dustinsc Avatar
dustinsc
93 months ago
Downloading cracked apps is like eating out of a garbage bin. Sure, you might find something that looks tasty in there, but even if it looks good it will still probably get you sick.
Score: 22 Votes (Like | Disagree)
tuartboy Avatar
tuartboy
93 months ago
This is why code signing and Gatekeeper exist.
Score: 21 Votes (Like | Disagree)
Plutonius Avatar
Plutonius
93 months ago
Only in cracked versions = no problem.
Score: 18 Votes (Like | Disagree)
WallToWallMacs Avatar
WallToWallMacs
93 months ago
Seems to be a catch22 for Apple. The more successful and ubiquitous it becomes, the more it will be targeted by the nefarious. All the more so because of the statistical affluence of the user base. That's a shame.

How is it a catch 22 for Apple when there are idiots going out to download pirated software because they're too bloody cheap to purchase a legitimate copy via the AppStore? That's like blaming Microsoft for some person downloading Creative Suite off a bittorrenting website then complaining that all their credit card information has been stolen and its apparently all Microsoft's fault.
Score: 16 Votes (Like | Disagree)
Read All Comments

Top Stories

siir apple event april 20

Siri Reveals Apple Event Planned for Tuesday, April 20

Tuesday April 13, 2021 12:04 am PDT by
Siri has apparently prematurely revealed that Apple plans to hold an event on Tuesday, April 20, where the company is expected to reveal brand new iPad Pro models and possibly its long-awaited AirTags trackers. Subscribe to the MacRumors YouTube channel for more videos. Upon being asked "When is the next Apple Event," Siri is currently responding with, "The special event is on Tuesday, April...
Read Full Article175 comments
apple event spring loaded

Apple's 'Spring Loaded' Event Officially Announced for Tuesday, April 20

Tuesday April 13, 2021 9:04 am PDT by
Following an overnight leak by Siri, Apple today officially announced that it will be holding a special "Spring Loaded" event on Tuesday, April 20 at 10:00 a.m. Pacific Time at the Steve Jobs Theater on the Apple Park campus in Cupertino, California. As with all of Apple's 2020 events, the April 2021 event will be a digital-only gathering with no members of the media invited to attend in...
Read Full Article271 comments
pixel watch prosser leak

Google Pixel Watch Allegedly Leaks with Circular Design, Rumored to Launch in October

Monday April 12, 2021 2:49 am PDT by
Renders of Google's first smartwatch, codenamed "Rohan," have been shared by Jon Prosser, showing that Google plans to adopt a circular design for its flagship wearable watch. Prosser shared the renders in an episode of his YouTube show "Front Page Tech," in which he claims they were made based on marketing material he had seen from a source within Google. The renders show that the Pixel...
Read Full Article110 comments
Google maps feaure green

Google Maps App for iOS Finally Updated After Four Months

Monday April 12, 2021 10:03 am PDT by
Following the completed rollout of App Privacy labels for its App Store apps, Google today updated the Google Maps app for the first time in four months. Apple in December began requiring all new app submissions and app updates to include App Privacy labels, detailing the data that is collected by the app so consumers know what they're sharing. Google didn't begin implementing App Privacy ...
Read Full Article42 comments
AppleTV and HomePod Feature

Bloomberg: Apple Working on New Apple TV With Integrated HomePod Speaker and FaceTime Camera

Monday April 12, 2021 3:32 am PDT by
Apple is working on a combined Apple TV with HomePod speaker that has a camera for video calls through a connected television set, according to Bloomberg's Mark Gurman. From the report: The company is working on a product that would combine an Apple TV set-top box with a HomePod speaker and include a camera for video conferencing through a connected TV and other smart-home functions,...
Read Full Article182 comments
samsung experience 1

Samsung's 'iTest' Lets You Try a Galaxy Device on Your iPhone

Thursday April 8, 2021 12:42 pm PDT by
Samsung has launched "iTest," an interactive website experience that's designed to allow iPhone users to test out Android on a Galaxy device, or "sample the other side," as Samsung puts it. Subscribe to the MacRumors YouTube channel for more videos. The iTest website is being advertised in New Zealand, according to a MacRumors reader who came across the feature. Visiting the iTest website on...
Read Full Article208 comments
epic iap feature 3

Tim Cook Says App Store Would Become a 'Flea Market' if Third-Party Payment Systems Were Allowed

Monday April 12, 2021 9:41 am PDT by
In a recent interview with the Toronto Star, Apple CEO Tim Cook spoke about a wide variety of topics, ranging from App Tracking Transparency to Apple's ongoing legal battle over App Store policies with Fortnite creator Epic Games. Notably, Cook said that Epic Games' desire for Apple to let developers offer their own payment systems in apps "would make the App Store a flea market":At the...
Read Full Article326 comments
tim cook toronto star

Tim Cook Says Apple is 'Not Against Digital Advertising' Ahead of iOS 14.5 Launch With App Tracking Transparency

Monday April 12, 2021 8:00 am PDT by
Starting with iOS 14.5, iPadOS 14.5, and tvOS 14.5, Apple will be requiring apps to receive a user's permission to track their activity for targeted advertising purposes, as part of a privacy measure known as App Tracking Transparency. Ahead of App Tracking Transparency being enforced, Apple CEO Tim Cook has participated in a privacy-focused interview with the Toronto Star, telling the...
Read Full Article153 comments
a13 bionic mockup

Apple Made Sudden Security Changes to its Chips in Fall 2020

Monday April 12, 2021 8:15 am PDT by
Apple made unusual mid-production hardware changes to the A12, A13, and S5 processors in its devices in the fall of 2020 to update the Secure Storage Component, according to Apple Support documents. According to an Apple Support page, spotted by Twitter user Andrew Pantyukhin, Apple changed the Secure Enclave in a number of products in the fall of 2020:Note: A12, A13, S4, and S5 products...
Read Full Article65 comments
HomePod G4 Feature

Bloomberg: Future HomePod May Feature iPad Connected Via Robotic Arm to Track Users Around The Room During FaceTime Calls

Monday April 12, 2021 3:50 am PDT by
In a report outlining a possible Apple TV with a combined HomePod and camera, Bloomberg's Mark Gurman says that Apple is exploring a future high-end HomePod speaker that could include an iPad connected via a robotic arm that tracks and follows users around a room. From the report: The Cupertino, California-based technology giant, is also mulling the launch of a high-end speaker with a touch ...
Read Full Article109 comments