Do you mine Bitcoins? Be careful: a new Mac trojan in the wild is looking to steal them.
First discovered by SecureMac on Sunday, the new trojan targets users of Mac OS X and spies on your web activity to steal Bitcoins.
Here’s how it works:
Disguised as an app to send and receive payments on Bitcoin Stealth Addresses, OSX/CoinThief.A instead acts as a dropper and installs browser extensions that monitor all web browsing traffic, looking specifically for login credentials for many popular Bitcoin websites, including MtGox and BTC-e, as well as Bitcoin wallet sites like blockchain.info. When login credentials are identified, such as when a user logs in to check their Bitcoin wallet balance, another component of the malware then sends the information back to a remote server run by the malware authors.
Some users have already lost as much as $12,000 worth of Bitcoins to the malware. And unfortunately, it looks like the installation of the Trojan is largely invisible: it installs extensions in Safari and Google Chrome without even alerting the end user, as well as malware that always runs in the background, looking for Bitcoin wallet login credentials.
Right now, it looks like the best way to identify the trojan is to search for an extension called “Pop-Up Blocker”, which has a description reading “Blocks pop-up windows and other annoyances.” Actually, though, it’s stealing your Bitcoins, so watch out!
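The check described above can be scripted for Google Chrome. This is an added example, not code from SecureMac or the original article: it walks the extension folders and flags any whose manifest carries the name and description quoted above. The folder path is the default Chrome profile location and is an assumption, the function names are illustrative, and Safari extensions are not covered.

```python
import json
import os

# Name and description quoted in the article for the malicious extension.
NAME = "Pop-Up Blocker"
DESCRIPTION = "Blocks pop-up windows and other annoyances."

# Assumption: default Chrome profile on OS X; other profiles live beside it.
CHROME_EXT_DIR = os.path.expanduser(
    "~/Library/Application Support/Google/Chrome/Default/Extensions")

def _load(path):
    """Parse a JSON file, returning {} if it is missing or malformed."""
    try:
        with open(path, encoding="utf-8-sig") as fh:
            data = json.load(fh)
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def _text(value, ext_dir, manifest):
    """Return a manifest string, resolving Chrome's __MSG_key__ placeholders."""
    if not isinstance(value, str):
        return ""
    if value.startswith("__MSG_") and value.endswith("__"):
        locale = str(manifest.get("default_locale", "en"))
        msgs = _load(os.path.join(ext_dir, "_locales", locale, "messages.json"))
        entry = {k.lower(): v for k, v in msgs.items()}.get(value[6:-2].lower())
        if isinstance(entry, dict):
            value = str(entry.get("message", value))
    return value.strip().casefold()

def find_suspect_extensions(root=CHROME_EXT_DIR):
    """List extension directories whose name and description match the article."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if "manifest.json" not in files:
            continue
        manifest = _load(os.path.join(dirpath, "manifest.json"))
        if (_text(manifest.get("name"), dirpath, manifest) == NAME.casefold()
                and _text(manifest.get("description"), dirpath, manifest)
                == DESCRIPTION.casefold()):
            hits.append(dirpath)
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_suspect_extensions():
        print("Review and remove if unexpected:", hit)
```

A match is a prompt to inspect the extension, since an unrelated extension could reuse the same strings; an empty result does not rule out infection, because the article also describes a background component.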