
MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,699
16,886



A new Mac OS X trojan horse that monitors web browsing traffic in order to steal Bitcoins has been discovered by SecureMac. The trojan, called OSX/CoinThief.A, is disguised as an innocuous Bitcoin app called StealthBit that purports to send and receive anonymous payments.

The app was posted on open-source website GitHub, but the precompiled version of the app had the malicious payload installed. The malware installs browser extensions in Safari and Google Chrome looking for login credentials for a number of Bitcoin-related websites including MtGox, BTC-e, and blockchain.info. When the app finds login credentials, it sends those back to the malware's developer.
Initial infection occurs when a user installs and runs an app called "StealthBit," which was recently available for download on GitHub, a website that acts as a repository for open source code. The source code to StealthBit was originally posted on GitHub, along with a precompiled copy of the app for download. The precompiled version of StealthBit did not match a copy generated from the source code, as it contained a malicious payload. Users who downloaded and ran the precompiled version of StealthBit instead ended up with infected systems. A user posting over the weekend on Reddit, the popular discussion site, reported losing 20 Bitcoins (currently worth upwards of $12,000 USD) to the thieves.
Bitcoin users who may have downloaded the app should check their browser extensions in Safari and Google Chrome for generic "Pop-Up Blocker" extensions.

Article Link: Bitcoin-Stealing Mac OS X Trojan Discovered
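
The check recommended above (look in Safari and Google Chrome for a generic "Pop-Up Blocker" extension) can be scripted. This is an added example, not code from SecureMac or MacRumors. It assumes Chrome's default macOS profile layout and legacy Safari `.safariextz` archives under `~/Library/Safari/Extensions`, and the function names and the hyphen/space variants in the pattern are choices made for this sketch.

```python
import json
import re
from pathlib import Path

# Name the article says to look for; hyphen/space variants are an added assumption.
SUSPECT = re.compile(r"pop[\s-]?up\s+blocker", re.IGNORECASE)


def chrome_extension_name(version_dir: Path) -> str:
    """Return the display name of an unpacked Chrome extension, resolving __MSG_*__."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8"))
    name = manifest.get("name", "")
    match = re.fullmatch(r"__MSG_(\w+)__", name)
    if match:
        locale = manifest.get("default_locale", "en")
        messages_file = version_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(messages_file.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            return name
        # Chrome treats message keys case-insensitively.
        lowered = {k.lower(): v for k, v in messages.items()}
        name = lowered.get(match.group(1).lower(), {}).get("message", name)
    return name


def find_suspect_extensions(home: Path) -> list:
    """List (browser, name, path) for extensions whose name matches SUSPECT."""
    hits = []
    chrome = home / "Library/Application Support/Google/Chrome"
    for manifest in chrome.glob("*/Extensions/*/*/manifest.json"):
        try:
            name = chrome_extension_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip, do not crash
        if SUSPECT.search(name):
            hits.append(("Chrome", name, str(manifest.parent)))
    # Legacy Safari extensions are .safariextz archives named after the extension.
    for archive in (home / "Library/Safari/Extensions").glob("*.safariextz"):
        if SUSPECT.search(archive.stem):
            hits.append(("Safari", archive.stem, str(archive)))
    return sorted(hits)


if __name__ == "__main__":
    for browser, name, path in find_suspect_extensions(Path.home()):
        print(f"{browser}: '{name}' at {path}")
```

Legitimate extensions also use this name, so a hit is a lead to review (when it was installed, and whether the user installed it), not proof of infection.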
 

BigBeast

macrumors 6502a
Mar 6, 2009
643
39
So the user has to download and install the malware. Sorry, if you are that stupid then they should grab your credit card information as well.

I wouldn't say stupid per se, but definitely naive. Also, I would assume that if you are savvy enough to understand bitcoins, their use, etc., then you are savvy enough to protect yourself in this situation, but you know what they say when you assume...
 

2457282

Suspended
Dec 6, 2012
3,327
3,014
This article should be used as an ad for the Apple app stores. The problem is that downloading from app sites that are not monitored or curated leads to these problems. The same has happened with Android app store. Like it or not the Apple app store for iOS and Mac are better curated and the chance of this happening is significantly lower.
 

azentropy

macrumors 68030
Jul 19, 2002
2,917
2,528
Surprise
This type of Trojan horse always reminds me of the joke when viruses were first becoming popular. Sanitized to be PC...

XXXXX Virus:
You have just received the "XXXXXX Virus." As we have no
programming experience, this virus works on the honor system.
Please delete all the files on your hard drive and manually forward
this virus to everyone on your mailing list.

Thank you for your cooperation,
XXXXXXX
 

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,050
But I thought if I got my Mac I wouldn't get any viruses! Darn PC vs Mac commercials.

You're willingly turning over your login and pass and admin access to your computer. No operating system in the world will stop this type of thing from gaining access when you hand it the keys. It's not your security system's fault if you give the burglar your alarm code.
 

cmChimera

macrumors 601
Feb 12, 2010
4,068
2,973
A user installing software that harms them isn't a virus, it has to install itself to be considered such.

You're willingly turning over your login and pass and admin access to your computer. No operating system in the world will stop this type of thing from gaining access when you hand it the keys. It's not your security system's fault if you give the burglar your alarm code.

I almost posted it....and then I was like, meh, he won't get it.
 

mdnz

macrumors 6502
Apr 14, 2010
394
1,000
The Netherlands
GitHub blew it. They should check all packages before hosting them.

Yes, GitHub should check the million lines of code and the hundreds of packages uploaded every second to make sure there isn't any malicious code in there.

If you don't know what you're talking about, just don't say anything.
 

MarcKerr

macrumors member
Mar 14, 2012
43
47
Indiana
This article should be used as an ad for the Apple app stores. The problem is that downloading from app sites that are not monitored or curated leads to these problems. The same has happened with Android app store. Like it or not the Apple app store for iOS and Mac are better curated and the chance of this happening is significantly lower.

Yes but NO. Apple doesn't allow any useful Bitcoin (alt coin) apps in any of their app stores. Remember Blockchain? https://www.macrumors.com/2014/02/05/apple-removes-blockchain-app-store/
It's the curse (tradeoff) of allowing someone else control of what can be on your computing device.
 

MarcKerr

macrumors member
Mar 14, 2012
43
47
Indiana
So the user has to download and install the malware.

When was the last time you installed an app from a web site? How do you know it didn't contain a Trojan? Exactly how does anyone ever know the app is fine and not going to cause them a security issue? And even the App Store has had its problems. http://nakedsecurity.sophos.com/2011/11/08/apples-app-store-security-compromised/

It really isn't so easy to know that some app isn't going to cause you problems. In this particular case I doubt a virus protection app would have detected the issue. All those kinds of apps depend on knowing about the exploit code before they can detect it.
 

carjakester

macrumors 68020
Oct 21, 2013
2,228
55
Midwest
A user installing software that harms them isn't a virus, it has to install itself to be considered such.

You're willingly turning over your login and pass and admin access to your computer. No operating system in the world will stop this type of thing from gaining access when you hand it the keys. It's not your security system's fault if you give the burglar your alarm code.

Was clearly being sarcastic, don't get all worked up now...
 

Iconoclysm

macrumors 68030
May 13, 2010
2,592
1,848
Washington, DC

PicnicTutorials

macrumors 6502a
Dec 29, 2013
546
13
It may not be a virus but an antivirus worth its weight would most likely warn you if something was trying to install a browser plugin.
 

Milquetoast

macrumors newbie
Apr 14, 2008
28
7
Maryland
This type of Trojan horse always reminds me of the joke when viruses were first becoming popular. Sanitized to be PC...

XXXXX Virus:
You have just received the "XXXXXX Virus." As we have no
programming experience, this virus works on the honor system.
Please delete all the files on your hard drive and manually forward
this virus to everyone on your mailing list.

Thank you for your cooperation,
XXXXXXX

Or...

This is the UNIX virus.

Please forward this email to everyone you know and then type "rm -fr *<nl>" while in your login directory.
 

ApfelKuchen

macrumors 601
Aug 28, 2012
4,123
2,713
Between the coasts
Kinda reminds me of a gold rush. BitCoin miners may not get shot, but there's no way they can completely avoid claim jumpers, sleazy supply merchants playing bait-and-switch, etc.

Then there's the contrast between Apple's restrictive "police state" and the self-policing open source movement. With greater freedom comes greater responsibility, but all most folks see is "free."

In the end, the Volunteer Community Watch has no obligation to be there, which is why gold rush boomtowns hired sheriffs, why the RCMP was dispatched to the Yukon, and why 19th Century businesses like the Pinkerton Agency got rich. But of course, all these things happened after something bad happened.

Those who cannot learn from history are doomed to repeat it.
George Santayana

"Don't it always seem to go, that you don't know what you've got 'til it's gone?"
Joni Mitchell
 

dBeats

macrumors 6502a
Jun 21, 2011
636
214
I don't like Bitcoin and I don't use it, but seriously, don't people realize they can store their bitcoins offline on a USB thumb drive and lock it in a safe in their house, just like you would if you had 10 grand in gold bars? Just upload what you need and then spend it right away. Don't keep all your money on an online wallet!! Why would anyone put $10,000 or more on some website that you know nothing about, where it's not insured, and think this is a reasonable way to do things?
 