CoinThief
also known as OSX/StealBit
- Type:
- Trojan Horse
- Platform:
- Mac OS X
- Last updated:
- 02/13/16 8:48 am
- Threat Level:
- High
Description
CoinThief is a Trojan horse that steals Bitcoins. Early versions of the malware were distributed through GitHub, a website which hosts publicly available software source code. Subsequent versions of CoinThief were also found on popular Mac app download sites.
CoinThief comes disguised either as a cryptocurrency “wallet” app — software for sending and receiving cryptocurrency — or as a cryptocurrency price ticker. The Trojanized wallet application is called StealthBit; the price ticker apps go by the names of “Bitcoin Ticker TTM for Mac” or “Litecoin Ticker”. Upon installation, the Trojan installs malicious browser extensions that monitor an infected machine’s web traffic in order to steal login credentials for popular cryptocurrency exchanges like the now-defunct Mt. Gox and BTC-e, as well as Bitcoin wallet sites like blockchain.info. Once the malware spots the credentials it’s looking for, it transmits them to a remote server which is controlled by the hackers, who are then able to use the stolen usernames and passwords to access their victims’ accounts and transfer Bitcoin to their own (untraceable) wallet addresses.
CoinThief Threat Removal
MacScan can detect and remove CoinThief Trojan Horse from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.