ESET is warning Mac® users not to download pirated software from file-sharing peer-to-peer (P2P) networks in the wake of a new malware discovery. Researchers have discovered a Bitcoin-stealing malware called OSX/CoinThief being spread via cracked apps, apps often obtained by over-riding Apple's standard security settings.
The OSX/CoinThief trojan infects computers running the Mac OS X platform®, stealing login credentials related to various Bitcoin exchanges and wallet sites by installing malicious browser add-ons.
ESET malware experts have discovered that CoinThief is being spread via P2P file-sharing networks, disguised as cracked versions of the following popular Mac OS X applications:
- BBEdit – an OS X text editor
- Pixelmator – a graphics editor
- Angry Birds – a game where players use a slingshot to launch birds at their targets
- Delicious Library – a media cataloguing application
"The hackers behind the CoinThief trojan are trying to cash in on the current Bitcoin craze and fluctuating exchange rates by breaking into users' digital wallets," said Security Researcher Graham Cluley, who wrote about the threat on ESET's WeLiveSecurity blog. "As ESET's research team has shown, Mac users who download and install pirated software from torrent sites are not only depriving developers of their rightful income, but are also putting their computers and finances at risk."
According to detection statistics gathered by the ESET Live Grid, the threat is mostly active amongst Mac users based in the United States. CoinThief was first spotted earlier this month by SecureMac researchers, who found it had been distributed via popular download sites, such as Download.com and MacUpdate.com, disguised as trojanized versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit and Litecoin Ticker.
ESET researchers strongly recommend that all Mac users protect their computers with an up-to-date anti-virus product and resist the temptation to download cracked and pirated software.
For more information on the CoinThief malware and how to clean infected devices, visit ESET's WeLiveSecurity blog here.
Comments