Old Feb 10, 2014, 11:51 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Bitcoin-Stealing Mac OS X Trojan Discovered




A new Mac OS X trojan horse that monitors web browsing traffic in order to steal Bitcoins has been discovered by SecureMac. The trojan, called OSX/CoinThief.A, is disguised as an innocuous Bitcoin app called StealthBit that purports to send and receive anonymous payments.

The app was posted on open-source website GitHub, but the precompiled version of the app had the malicious payload installed. The malware installs browser extensions in Safari and Google Chrome looking for login credentials for a number of Bitcoin-related websites including MtGox, BTC-e, and blockchain.info. When the app finds login credentials, it sends those back to the malware's developer.
Quote:
Initial infection occurs when a user installs and runs an app called "StealthBit," which was recently available for download on GitHub, a website that acts as a repository for open source code. The source code to StealthBit was originally posted on GitHub, along with a precompiled copy of the app for download. The precompiled version of StealthBit did not match a copy generated from the source code, as it contained a malicious payload. Users who downloaded and ran the precompiled version of StealthBit instead ended up with infected systems. A user posting over the weekend on Reddit, the popular discussion site, reported losing 20 Bitcoins (currently worth upwards of $12,000 USD) to the thieves.
Bitcoin users who may have downloaded the app should check their browser extensions in Safari and Google Chrome for generic "Pop-Up Blocker" extensions.

Article Link: Bitcoin-Stealing Mac OS X Trojan Discovered
MacRumors is offline   0 Reply With Quote
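
The check recommended in the article above, scripted for Chrome as an added example (not part of the original post or SecureMac's report): it walks each profile's extension manifests and flags names matching "Pop-Up Blocker", resolving localized `__MSG_...__` names first. The Chrome directory layout and the name pattern are assumptions; Safari is not covered.

```python
import json
import re
from pathlib import Path

# Assumed default per-user Chrome data directory on OS X.
CHROME_ROOT = Path.home() / "Library/Application Support/Google/Chrome"
# The article's indicator: a generic "Pop-Up Blocker" extension name.
SUSPECT = re.compile(r"pop[\s-]*up\s*blocker", re.IGNORECASE)


def display_name(ext_dir, manifest):
    """Return the extension's name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    placeholder = re.fullmatch(r"__MSG_(\w+)__", name)
    if not placeholder:
        return name
    locale = manifest.get("default_locale", "en")
    try:
        text = (ext_dir / "_locales" / locale / "messages.json").read_text("utf-8")
        messages = json.loads(text)
    except (OSError, ValueError):
        return name  # unresolved placeholder, keep it visible as-is
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == placeholder.group(1).lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name


def find_suspect_extensions(chrome_root=CHROME_ROOT):
    """List installed Chrome extensions whose name matches SUSPECT."""
    hits = []
    # Layout: <root>/<profile>/Extensions/<id>/<version>/manifest.json
    for path in sorted(Path(chrome_root).glob("*/Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text("utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        name = display_name(path.parent, manifest)
        if SUSPECT.search(name):
            hits.append({
                "profile": path.parents[3].name,
                "id": path.parents[1].name,
                "name": name,
                "permissions": manifest.get("permissions", []),
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspect_extensions():
        print(hit)
```

A match is a lead for manual review, since a legitimate blocker can carry the same name.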
Old Feb 10, 2014, 11:52 AM   #2
carjakester
macrumors 68020
 
Join Date: Oct 2013
Location: Midwest
But I thought if I got my Mac I wouldn't get any viruses! Darn PC vs Mac commercials.
__________________
Late 2013 rMBP iPad 4 Retina Ipad Mini Iphone 5s Apple TV 3
carjakester is offline   7 Reply With Quote
Old Feb 10, 2014, 11:53 AM   #3
Corrode
macrumors 6502
 
Join Date: Dec 2008
Location: Calgary, AB
It's not a virus...blah blah blah. Every time.
__________________
13" MBP, 2.26 GHz, 8GB; 80GB iPod Classic; iPhone 5S
Corrode is offline   9 Reply With Quote
Old Feb 10, 2014, 11:54 AM   #4
Solver
macrumors regular
 
Join Date: Jan 2004
Location: San Jose
Virtual theft for virtual money needs the virtual police.
Solver is offline   6 Reply With Quote
Old Feb 10, 2014, 11:54 AM   #5
Creep89
macrumors regular
 
Join Date: Mar 2012
So the user has to download and install the malware.
Creep89 is offline   11 Reply With Quote
Old Feb 10, 2014, 11:55 AM   #6
Peace
macrumors P6
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
GitHub blew it. They should check all packages before hosting them.
__________________
Throw us one Russell---John Fox Super Bowl 49
Peace is offline   2 Reply With Quote
Old Feb 10, 2014, 11:59 AM   #7
BigBeast
macrumors 6502
 
Join Date: Mar 2009
Quote:
Originally Posted by Creep89 View Post
So the user has to download and install the malware. Sorry, if you are that stupid then they should grab your credit card information as well.
I wouldn't say stupid per se, but definitely naive. Also, I would assume that if you are savvy enough to understand bitcoins, their use, etc., then you are savvy enough to protect yourself from this situation, but you know what they say when you assume...
__________________
2012 cMBP 2.6GHz Core i7 16gb 512 SSD iPhone 5S iPad Air
BigBeast is offline   7 Reply With Quote
Old Feb 10, 2014, 11:59 AM   #8
Cuban Missles
macrumors 6502a
 
Join Date: Dec 2012
Location: East Coast, USA
This article should be used as an ad for the Apple app stores. The problem is that downloading from app sites that are not monitored or curated leads to these problems. The same has happened with the Android app store. Like it or not, the Apple app stores for iOS and Mac are better curated and the chance of this happening is significantly lower.
__________________
I have a collection of Apple stickers from all my Apple product purchases - they are white (the stickers not the products)
Cuban Missles is offline   3 Reply With Quote
Old Feb 10, 2014, 12:07 PM   #9
I like bananas
macrumors member
 
Join Date: Oct 2013
Good, we need more trojans for Macs.
I like bananas is offline   2 Reply With Quote
Old Feb 10, 2014, 12:16 PM   #10
FloatingBones
macrumors 65816
 
Join Date: Jul 2006
Quote:
Originally Posted by carjakester View Post
But I thought if I got my Mac I wouldn't get any viruses! Darn PC vs Mac commercials.
That's about as good as NBC's "All visitors to Sochi Immediately Hacked" claim:



Their claims were thoroughly debunked in the article That NBC story 100% fraudulent. If I were Putin, I would have ejected the "journalist" who filed that story.
FloatingBones is offline   7 Reply With Quote
Old Feb 10, 2014, 12:31 PM   #11
azentropy
macrumors 65816
 
Join Date: Jul 2002
Location: Surprise
This type of Trojan horse always reminds me of the joke when viruses were first becoming popular. Sanitized to be PC...

XXXXX Virus:
You have just received the "XXXXXX Virus." As we have no
programming experience, this virus works on the honor system.
Please delete all the files on your hard drive and manually forward
this virus to everyone on your mailing list.

Thank you for your cooperation,
XXXXXXX
__________________
 Too Many  products to List! 
azentropy is offline   9 Reply With Quote
Old Feb 10, 2014, 12:36 PM   #12
goobot
macrumors 601
 
Join Date: Jun 2009
Location: long island NY
Quote:
Originally Posted by carjakester View Post
But I thought if I got my Mac I wouldn't get any viruses! Darn PC vs Mac commercials.
A user installing software that harms them isn't a virus, it has to install itself to be considered such.
__________________
Unibody Macbook |iPad|Apple TV 2|Black iPhone 6
goobot is offline   6 Reply With Quote
Old Feb 10, 2014, 12:49 PM   #13
OldSchoolMacGuy
macrumors 6502a
 
Join Date: Jul 2008
Quote:
Originally Posted by carjakester View Post
But I thought if I got my Mac I wouldn't get any viruses! Darn PC vs Mac commercials.
You're willingly turning over your login and pass and admin access to your computer. No operating system in the world will stop this type of thing from gaining access when you hand it the keys. It's not your security system's fault if you give the burglar your alarm code.
OldSchoolMacGuy is offline   12 Reply With Quote
Old Feb 10, 2014, 12:56 PM   #14
cmChimera
macrumors 68000
 
Join Date: Feb 2010
Quote:
Originally Posted by goobot View Post
A user installing software that harms them isn't a virus, it has to install itself to be considered such.
Quote:
Originally Posted by OldSchoolMacGuy View Post
You're willingly turning over your login and pass and admin access to your computer. No operating system in the world will stop this type of thing from gaining access when you hand it the keys. It's not your security system's fault if you give the burglar your alarm code.
I almost posted it....and then I was like, meh, he won't get it.
cmChimera is offline   4 Reply With Quote
Old Feb 10, 2014, 12:57 PM   #15
mdnz
macrumors regular
 
Join Date: Apr 2010
Location: The Netherlands
Quote:
Originally Posted by Peace View Post
GitHub blew it. They should check all packages before hosting them.
Yes, GitHub should check the million lines of code and the hundreds of packages uploaded every second to make sure there isn't any malicious code in there.

If you don't know what you're talking about, just don't say anything.
mdnz is offline   17 Reply With Quote
Old Feb 10, 2014, 01:26 PM   #16
JoeRito
macrumors 6502
 
Join Date: Apr 2012
Location: New England, USA
Virtual currency sucks.... Seriously, buy hard assets like gold and silver...they are priced right at present!
__________________
MBP 15 , MBA 13 , iPad Air 64 , 92 lb Chocolate Lab
JoeRito is offline   0 Reply With Quote
Old Feb 10, 2014, 01:45 PM   #17
MarcKerr
macrumors newbie
 
Join Date: Mar 2012
Location: Indiana
Quote:
Originally Posted by Cuban Missles View Post
This article should be used as an ad for the Apple app stores. The problem is that downloading from app sites that are not monitored or curated leads to these problems. The same has happened with the Android app store. Like it or not, the Apple app stores for iOS and Mac are better curated and the chance of this happening is significantly lower.
Yes but NO. Apple doesn't allow any useful Bitcoin (alt coin) apps in any of their app stores. Remember Blockchain? http://www.macrumors.com/2014/02/05/...ain-app-store/
It's the curse (tradeoff) of allowing someone else control of what can be on your computing device.
MarcKerr is offline   1 Reply With Quote
Old Feb 10, 2014, 01:57 PM   #18
MarcKerr
macrumors newbie
 
Join Date: Mar 2012
Location: Indiana
Quote:
Originally Posted by Creep89 View Post
So the user has to download and install the malware.
When was the last time you installed an app from a web site? How do you know it didn't contain a Trojan? Exactly how does anyone ever know the app is fine and not going to cause them a security issue? And even the App Store has had its problems. http://nakedsecurity.sophos.com/2011...y-compromised/

It really isn't so easy to know that some app isn't going to cause you problems. In this particular case I doubt a virus protection app would have detected the issue. All those kinds of apps depend on knowing about the exploit code before they can detect it.
MarcKerr is offline   2 Reply With Quote
Old Feb 10, 2014, 02:11 PM   #19
carjakester
macrumors 68020
 
Join Date: Oct 2013
Location: Midwest
Quote:
Originally Posted by goobot View Post
A user installing software that harms them isn't a virus, it has to install itself to be considered such.
Quote:
Originally Posted by OldSchoolMacGuy View Post
You're willingly turning over your login and pass and admin access to your computer. No operating system in the world will stop this type of thing from gaining access when you hand it the keys. It's not your security system's fault if you give the burglar your alarm code.
Was clearly being sarcastic, don't get all worked up now...
__________________
Late 2013 rMBP iPad 4 Retina Ipad Mini Iphone 5s Apple TV 3

Last edited by annk; Feb 11, 2014 at 03:18 PM. Reason: Removed quote of deleted post
carjakester is offline   1 Reply With Quote
Old Feb 10, 2014, 02:22 PM   #20
Iconoclysm
macrumors 6502a
 
Join Date: May 2010
Quote:
Originally Posted by MarcKerr View Post
Yes but NO. Apple doesn't allow any useful Bitcoin (alt coin) apps in any of their app stores. Remember Blockchain? http://www.macrumors.com/2014/02/05/...ain-app-store/
It's the curse (tradeoff) of allowing someone else control of what can be on your computing device.
Not really seeing how bitcoin apps are necessary if you have a web browser and the ability to RDP...
Iconoclysm is offline   0 Reply With Quote
Old Feb 10, 2014, 02:37 PM   #21
OLDCODGER
macrumors 6502
 
Join Date: Jul 2011
Location: Lucky Country
Question, if I may: Would Little Snitch have caught this before it could send details?
OLDCODGER is offline   0 Reply With Quote
Old Feb 10, 2014, 02:42 PM   #22
PicnicTutorials
macrumors 6502
 
Join Date: Dec 2013
It may not be a virus but an antivirus worth its weight would most likely warn you if something was trying to install a browser plugin.
__________________
- Picnic Website Code Tutorials
- Late 2013 27" iMac, 16GB Ram, 3.5GHz Quad-core i7, 512GB PCIe SSD, NVIDIA GeForce GTX 780M 4GB, Magic Mouse + Magic Trackpad + Wireless Keyboard, iPad Air & Phone 5
PicnicTutorials is offline   0 Reply With Quote
Old Feb 10, 2014, 03:01 PM   #23
Milquetoast
macrumors newbie
 
Join Date: Apr 2008
Location: Maryland
Quote:
Originally Posted by azentropy View Post
This type of Trojan horse always reminds me of the joke when viruses were first becoming popular. Sanitized to be PC...

XXXXX Virus:
You have just received the "XXXXXX Virus." As we have no
programming experience, this virus works on the honor system.
Please delete all the files on your hard drive and manually forward
this virus to everyone on your mailing list.

Thank you for your cooperation,
XXXXXXX
Or...

Quote:
This is the UNIX virus.

Please forward this email to everyone you know and then type "rm -fr *<nl>" while in your login directory.
Milquetoast is offline   2 Reply With Quote
Old Feb 10, 2014, 03:08 PM   #24
ApfelKuchen
macrumors 6502a
 
Join Date: Aug 2012
Location: Between the coasts
Kinda reminds me of a gold rush. BitCoin miners may not get shot, but there's no way they can completely avoid claim jumpers, sleazy supply merchants playing bait-and-switch, etc.

Then there's the contrast between Apple's restrictive "police state" and the self-policing open source movement. With greater freedom comes greater responsibility, but all most folks see is "free."

In the end, the Volunteer Community Watch has no obligation to be there, which is why gold rush boomtowns hired sheriffs, why the RCMP was dispatched to the Yukon, and why 19th Century businesses like the Pinkerton Agency got rich. But of course, all these things happened after something bad happened.

Those who cannot learn from history are doomed to repeat it.
George Santayana

"Don't it always seem to go, that you don't know what you've got 'til it's gone?"
Joni Mitchell
ApfelKuchen is offline   0 Reply With Quote
Old Feb 10, 2014, 03:10 PM   #25
dBeats
macrumors 6502
 
Join Date: Jun 2011
I don't like Bitcoin and I don't use it, but seriously, don't people realize they can store their bitcoins offline on a USB thumb drive and lock it in a safe in their house, just like you would if you had 10 grand in gold bars? Just upload what you need and then spend it right away. Don't keep all your money on an online wallet!! Why would anyone put $10,000 or more on some website that you know nothing about, where it's not insured, and think this is a reasonable way to do things?
dBeats is offline   3 Reply With Quote
