The malware, named OSX/CoinThief, steals information related to users’ Bitcoin wallets and keys, and is said to have been found in trojanised versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit, and Litecoin Ticker. (Litecoin is an alternative digital currency.)
CoinThief installs an extension into its victims’ Firefox, Chrome or Safari browsers, monitoring web traffic and attempting to intercept login credentials sent to many of the online Bitcoin exchanges and wallet sites. The information is then sent back to the malware authors via a remote server.
In an attempt to cover up their activity, the browser extensions disguise their true intentions by adopting innocuous names like “Pop-up blocker”, and use generic descriptions such as “Blocks pop-up windows and other annoyances.”
Because of this, even if you didn’t remember installing the extension, chances are that it wouldn’t raise your alarm.
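Because the disguise relies on a bland name and description, one practical check is to search installed extension manifests for exactly those strings. The following is an added example, not code from the original article; it assumes extensions are unpacked on disk with a `manifest.json` carrying `name` and `description` fields (as Chrome extensions are), that the caller supplies the directory to scan, and the function names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Name and description the article reports for the malicious extension.
SUSPECT_NAME = "pop-up blocker"
SUSPECT_DESC = "blocks pop-up windows and other annoyances"


def _norm(value):
    """Lower-case and collapse whitespace/full stops for comparison."""
    return " ".join(str(value).lower().replace(".", " ").split())


def scan_extensions(root):
    """Return (manifest path, matched fields) for manifests under root."""
    # Localized "__MSG_...__" names are not resolved; a hit is a lead, not proof.
    hits = []
    for manifest in sorted(Path(root).rglob("manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            name, desc = data.get("name", ""), data.get("description", "")
        except (OSError, ValueError, AttributeError):
            continue  # unreadable, malformed or non-object manifest
        matched = []
        if _norm(name) == SUSPECT_NAME:
            matched.append("name")
        if SUSPECT_DESC in _norm(desc):
            matched.append("description")
        if matched:
            hits.append((str(manifest), "+".join(matched)))
    return hits


def demo():
    samples = {  # constructed sample manifests, not real data
        "aaaa/1.0": {"name": "Pop-up blocker",
                     "description": "Blocks pop-up windows and other annoyances."},
        "bbbb/2.3": {"name": "Notes", "description": "Take notes."},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, manifest in samples.items():
            folder = Path(tmp, rel)
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest))
        return [(Path(p).parent.parent.name, why) for p, why in scan_extensions(tmp)]


if __name__ == "__main__":
    print(demo())
```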
Hopefully they will be more careful about vetting submissions in future, and will make efforts to confirm that developers and companies submitting software to their libraries are really who they say they are.
Mac users, of course, are something of a soft target as many of them still do not run any form of anti-virus software.
And without decent anti-virus software, what chance would the typical Mac user have against this Bitcoin-stealing malware?
Hang on to your hats everyone. Criminals love to go where the money is. And as more and more people experiment online with Bitcoin purchases, you can be sure that some hackers will be looking long and hard at how they might steal the digital currency away from them.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
Whoops. I've uninstalled this just now. What other actions are required to be safe?