OSX/CoinThief Posing as Popular Software to Infect Macs

Mac users may want to think twice about turning to P2P networks to download software.

ESET researchers found that the Bitcoin-stealing Trojan horse OSX/CoinThief is now infecting Macs by posing as cracked versions of popular applications on file-sharing sites.

The list of applications spoofed by OSX/CoinThief includes:

  • Angry Birds (game)
  • BBEdit (text editor)
  • Delicious Library (media cataloguer)
  • Pixelmator (graphic editor)

When OSX/CoinThief was first spotted earlier this month by SecureMac researchers, it was being spread via Trojanized copies of StealthBit, BitVanity, Bitcoin Ticker TTM and Litecoin Ticker. The tainted apps were available for download on Download.com and MacUpdate.com.

Upon infection, OSX/CoinThief installs malicious browser extensions that steal login information for popular Bitcoin sharing sites and send it to a remote server.

Based on what ESET researchers have seen, Mac users based in the United States appear to have been the ones hit the hardest by this threat.

Steps to Keep Your Mac Safe from OSX/CoinThief

Given the infection method, keeping OSX/CoinThief off your Mac should be easy. Just be sure that you:

  • Refrain from downloading software from peer-to-peer networking sites. Only download apps from legitimate sources, like the official developer site or the Mac App Store.
  • Always run anti-malware software on your Mac and keep the virus definitions current. Be sure to scan all files before opening them. 23/50 antivirus engines are now capable of detecting the threat (vs. 1/50 when we first covered OSX/CoinThief), including ESET NOD32, DrWeb, Kaspersky, Sophos and others.