HACKINTOSH.ORG | Macintosh discussion forums

Bitcoin-Stealing OS X Trojan Now Masquerading as 'Angry Birds' and Other Popular Mac Apps

(http://cdn.macrumors.com/article-new/2014/02/bitcoin1.png)A Bitcoin-stealing trojan has been detected in downloads claiming to be cracked versions of popular Mac applications, reports security firm ESET (http://www.welivesecurity.com/2014/02/25/mac-malware-cracked-angry-birds/) through its We Live Security blog. The OSX/CoinThief.A malware was discovered (http://www.macrumors.com/2014/02/10/bitcoin-stealing-trojan/) in popular Bitcoin software earlier this month by SecureMac, but is now being used to target users of more mainstream apps.
 
 The trojan initially surfaced on open source software hosting site GitHub, and it was quickly bundled into several Bitcoin apps available through multiple download sites. Further investigation by ESET has now uncovered the trojan masquerading as cracked versions of popular Mac apps such as BBEdit, Pixelmator, Angry Birds, and Delicious Library.
 
 OSX/CoinThief.A involves a malicious browser add-on used to intercept logins for Bitcoin wallet sites and related exchanges such as MtGox, BTC-e, and blockchain.info. Stolen login credentials are then forwarded to the malware's developer.

There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates.
 
 According to detection statistics gathered by the ESET LiveGrid, the threat is mostly active amongst Mac users based in the United States.

The websites where these files are being distributed from have not been revealed, but Mac owners can prevent infection by avoiding pirated software and downloading titles directly from the developer's website or the Mac App Store. Users can find instructions on how to check for and remove the malware on SecureMac's blog post (http://www.securemac.com/Remove-CoinThief-Trojan-Horse-Instructions.php).
 
 
 Recent Mac and iOS Blog Stories
 • EU Meeting With Apple and Google to Discuss Concerns Over In-App Purchases  (http://www.macrumors.com/2014/02/27/eu-in-app-purchases/)
 • Apple to Construct New Retail Store in Dayton, Ohio (http://www.macrumors.com/2014/02/27/apple-store-dayton-ohio/)
 • NimbleBit and Milkbag Games' Collaboration 'Disco Zoo' Now Available for Download (http://www.macrumors.com/2014/02/26/nimblebit-disco-zoo-2/)
 • Apple Updates Enterprise Tools for Large iOS Device Deployments (http://www.macrumors.com/2014/02/26/enterprise-deployment-tools-updated/)
 • Apple Releases Firmware Update for 2013 Mac Pro to Fix Power Nap Issues (http://www.macrumors.com/2014/02/26/mac-pro-smc/)
 • Apple Releases iTunes 11.1.5 With Bug Fixes, Compatibility Improvements (http://www.macrumors.com/2014/02/26/apple-releases-itunes-11-1-5-with-bug-fixes-compatibility-improvements/)
 • Soundgarden Added to SXSW iTunes Festival Lineup (http://www.macrumors.com/2014/02/26/soundgarden-itunes-festival-sxsw/)
 • Apple Files Formal Appeal in E-Books Antitrust Case (http://www.macrumors.com/2014/02/26/apple-appeals-ebooks-case/)
<img width='1' height='1' src='http://rss.feedsportal.com/c/35070/f/648327/s/379bf836/sc/15/mf.gif' border='0'/><br clear='all'/><div class='mf-viral'><table border='0'><tr><td valign='middle'><a href="http://share.feedsportal.com/share/twitter/?u=http%3A%2F%2Fwww.macrumors.com%2F2014%2F02%2F27%2Fbitcoin-trojan-angry-birds%2F&t=Bitcoin-Stealing+OS+X+Trojan+Now+Masquerading+as+%27Angry+Birds%27+and+Other+Popular+Mac+Apps" target="_blank"><img src="http://res3.feedsportal.com/social/twitter.png" border="0" />[/url]&nbsp;<a href="http://share.feedsportal.com/share/facebook/?u=http%3A%2F%2Fwww.macrumors.com%2F2014%2F02%2F27%2Fbitcoin-trojan-angry-birds%2F&t=Bitcoin-Stealing+OS+X+Trojan+Now+Masquerading+as+%27Angry+Birds%27+and+Other+Popular+Mac+Apps" target="_blank"><img src="http://res3.feedsportal.com/social/facebook.png" border="0" />[/url]&nbsp;<a href="http://share.feedsportal.com/share/linkedin/?u=http%3A%2F%2Fwww.macrumors.com%2F2014%2F02%2F27%2Fbitcoin-trojan-angry-birds%2F&t=Bitcoin-Stealing+OS+X+Trojan+Now+Masquerading+as+%27Angry+Birds%27+and+Other+Popular+Mac+Apps" target="_blank"><img src="http://res3.feedsportal.com/social/linkedin.png" border="0" />[/url]&nbsp;<a href="http://share.feedsportal.com/share/gplus/?u=http%3A%2F%2Fwww.macrumors.com%2F2014%2F02%2F27%2Fbitcoin-trojan-angry-birds%2F&t=Bitcoin-Stealing+OS+X+Trojan+Now+Masquerading+as+%27Angry+Birds%27+and+Other+Popular+Mac+Apps" target="_blank"><img src="http://res3.feedsportal.com/social/googleplus.png" border="0" />[/url]&nbsp;<a href="http://share.feedsportal.com/share/email/?u=http%3A%2F%2Fwww.macrumors.com%2F2014%2F02%2F27%2Fbitcoin-trojan-angry-birds%2F&t=Bitcoin-Stealing+OS+X+Trojan+Now+Masquerading+as+%27Angry+Birds%27+and+Other+Popular+Mac+Apps" target="_blank"><img src="http://res3.feedsportal.com/social/email.png" border="0" />[/url]</td><td valign='middle'></td></tr></table></div>

<img src="http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/sc/15/rc/1/rc.img" border="0"/> (http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/sc/15/rc/1/rc.htm)
<img src="http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/sc/15/rc/2/rc.img" border="0"/> (http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/sc/15/rc/2/rc.htm)
<img src="http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/sc/15/rc/3/rc.img" border="0"/> (http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/sc/15/rc/3/rc.htm)

<img src="http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/a2.img" border="0"/> (http://da.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/a2.htm)<img width="1" height="1" src="http://pi.feedsportal.com/r/186531114427/u/49/f/648327/c/35070/s/379bf836/a2t.img" border="0"/><div class="feedflare">
<img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=5t00aT6_pDQ:_MHquV4PYuI:yIl2AUoC8zA) <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=5t00aT6_pDQ:_MHquV4PYuI:6W8y8wAjSf4) <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=5t00aT6_pDQ:_MHquV4PYuI:qj6IDK7rITs)
</div><img src="http://feeds.feedburner.com/~r/MacRumors-Front/~4/5t00aT6_pDQ" height="1" width="1"/>

Source: Bitcoin-Stealing OS X Trojan Now Masquerading as 'Angry Birds' and Other Popular Mac Apps (http://www.macrumors.com/2014/02/27/bitcoin-trojan-angry-birds/)