SecureMac, Inc.

Malware Library. Threats targeting Macs.

Mac malware exists in all shapes and sizes and new digital parasites evolve every day. Whether it’s adware, trojan horses, keystroke loggers, viruses or other spyware, stay up-to-date and discover more information about the latest threats targeting your Mac here.


also known as OSX/StealBit

    • Type:
    • Trojan Horse
    • Platform:
    • Mac OS X
    • Last updated:
    • 02/13/16 8:48 am
    • Threat Level:
    • High


CoinThief is a Trojan horse that steals Bitcoins. Early versions of the malware were distributed through GitHub, a website which hosts publicly available software source code. Subsequent versions of CoinThief were also found on popular Mac app download sites.

CoinThief comes disguised either as a cryptocurrency “wallet” app — software for sending and receiving cryptocurrency — or as a cryptocurrency price ticker. The Trojanized wallet application is called StealthBit; the price ticker apps go by the names of “Bitcoin Ticker TTM for Mac” or “Litecoin Ticker”. Upon installation, the Trojan installs malicious browser extensions that monitor an infected machine’s web traffic in order to steal login credentials for popular cryptocurrency exchanges like the now-defunct Mt. Gox and BTC-e, as well as Bitcoin wallet sites like Once the malware spots the credentials it’s looking for, it transmits them to a remote server which is controlled by the hackers, who are then able to use the stolen usernames and passwords to access their victims’ accounts and transfer Bitcoin to their own (untraceable) wallet addresses.

CoinThief Threat Removal

MacScan can detect and remove CoinThief Trojan Horse from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.

Download MacScan

Join our mailing list for the latest security news and deals