A new piece of Mac malware that monitors your web browser to steal your bitcoins was discovered by SecureMac on Sunday. The trojan horse is named “OSX/CoinThief.A.”
SecureMac, a Mac security consultancy that develops the MacScan anti-malware application, released a report warning about ‘CoinThief.A’.
This Trojan is a standard OS X application called StealthBit, which was recently uploaded to GitHub. While advertised as a legitimate project for receiving Bitcoin payments on Bitcoin Stealth Addresses, StealthBit was instead a guise for installing malicious tracker software on unsuspecting Mac users' systems.
The StealthBit app had been available on GitHub both as source code and a pre-compiled download, but the page has now been removed.
Researchers said the pre-compiled binary didn't match a copy built from the source code. Those who installed the pre-compiled version of the app are likely to be infected by this malware.
When users download the app, the trojan quietly installs extensions into web browsers, and then sifts through those browsers looking for login credentials for Bitcoin-related websites like Mt. Gox, BTC-e, and Blockchain.
Once the “StealthBit” app finds a set of login credentials, it sends that information back to remote servers owned by the malware’s developer. The data that's sent back to the developer's remote servers isn’t limited to Bitcoin login information.
The usernames and unique identifiers (UUIDs) of infected Macs are also transmitted to the servers, in addition to any Bitcoin-related apps already installed on the system.
If you have already downloaded the StealthBit app, it’s important to isolate the extensions that spy on your browser’s activity to prevent data theft or loss.
The malicious extension is named “Pop-Up Blocker,” with the description “Blocks pop-up windows and other annoyances.” If you find this extension in your browser, delete it and report the issue directly to Apple.
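One way to check many browser profiles for the extension indicator above, as an added example that is not from SecureMac or the original article. It assumes Chromium-style extension folders (one `manifest.json` per extension, with `__MSG_…__` placeholders resolved through `_locales`); `find_suspect_extensions` and `build_sample` are hypothetical names and the sample tree is constructed.

```python
import json
from pathlib import Path

# Indicator strings quoted in the article.
IOC_NAME = "Pop-Up Blocker"
IOC_DESCRIPTION = "Blocks pop-up windows and other annoyances."

def _load(path):
    """Parse a JSON file; return {} when it is missing, malformed or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def _resolve(value, ext_dir, locale):
    """Expand a Chromium __MSG_key__ placeholder from _locales/<locale>/messages.json."""
    if not (isinstance(value, str) and value.startswith("__MSG_") and value.endswith("__")):
        return value if isinstance(value, str) else ""
    key = value[6:-2].lower()  # message keys are case-insensitive
    table = _load(ext_dir / "_locales" / (locale or "en") / "messages.json")
    for k, entry in table.items():
        if k.lower() == key and isinstance(entry, dict):
            return str(entry.get("message", value))
    return value

def find_suspect_extensions(root):
    """Return extension dirs (relative to root) whose name and description both match."""
    hits = []
    for manifest in Path(root).rglob("manifest.json"):
        data = _load(manifest)
        locale = data.get("default_locale")
        name = _resolve(data.get("name"), manifest.parent, locale)
        desc = _resolve(data.get("description"), manifest.parent, locale)
        if name.strip() == IOC_NAME and desc.strip() == IOC_DESCRIPTION:
            hits.append(str(manifest.parent.relative_to(root)))
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree: one literal match, one localized match, one benign."""
    def ext(name, manifest, messages=None):
        d = Path(root) / name
        (d / "_locales" / "en").mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        (d / "_locales" / "en" / "messages.json").write_text(json.dumps(messages or {}))
    ext("ext_literal", {"name": IOC_NAME, "description": IOC_DESCRIPTION})
    ext("ext_localized", {"name": "__MSG_extName__", "description": "__MSG_extDesc__", "default_locale": "en"},
        {"extname": {"message": IOC_NAME}, "extDesc": {"message": IOC_DESCRIPTION}})
    ext("ext_benign", {"name": IOC_NAME, "description": "A different blocker."})
```

Requiring both strings keeps unrelated extensions that merely share the name out of the results; a match is a lead for manual review of that extension folder.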