Bitcoin-Stealing Mac OS X Trojan Discovered

[Nunyabinez]

Just like almost everything else, I got into the bitcoin thing too late and now it's really hard to make money off it. Just once I'd like to get into something early enough to take advantage.

 

[MTShipp]

Question, if i may: Would Little Snitch have caught this before it could send details?

I'd like to know this too.

 

[mactumors]

GitHub blew it. They should check all packages before hosting them.

Just like MacRumors should check all comments for nonsense before hosting them.

 

[epic-retouching]

Well I know I am safe since I have not downloaded and installed Bit Coin Trojan RPG yet.

 

[cerote]

I'd like to know this too.

My guess that is up to how you have the rules setup for Safari since it installs a plug-in for that to get the info. Or if the plug-in then feeds to the app then the app sends it to server then it would be a flag to you.

 

[gnasher729]

but i thought if i got my mac i wouldn't any viruses! darn pc vs mac commercials.

Yes, someone has to post a quick and thoughtless comment.
This isn't a virus.

To get this malware, you have to look on the internet, find it, and install it yourself on your Macintosh. You have to turn Gatekeeper off because the application doesn't come from the AppStore and isn't signed by the developer. You have to get past a few warning dialogs in MacOS X (like: Do you really want to install this application that comes from some untrusted site on the internet? Do you really, really want to run this application).

So it's not a virus, which would be software getting on your computer without you doing anything, it is a trojan where you have to go out of your way to install it yourself, turning off security features of MacOS X and ignoring multiple warnings.

 

[macs4nw]

…..Users who downloaded and ran the precompiled version of StealthBit instead ended up with infected systems. A user posting over the weekend on Reddit, the popular discussion site, reported losing 20 Bitcoins (currently worth upwards of $12,000 USD) to the thieves.

Article Link: Bitcoin-Stealing Mac OS X Trojan Discovered

Wonder if this is traceable by law enforcement…..

 

[MarcKerr]

To get this malware, you have to look on the internet, find it, and install it yourself on your Macintosh. You have to turn Gatekeeper off because the application doesn't come from the AppStore and isn't signed by the developer. You have to get past a few warning dialogs in MacOS X (like: Do you really want to install this application that comes from some untrusted site on the internet? Do you really, really want to run this application).

So it's not a virus, which would be software getting on your computer without you doing anything, it is a trojan where you have to go out of your way to install it yourself, turning off security features of MacOS X and ignoring multiple warnings.

OK so you can honestly say you never install any apps that don't come from the App Store or aren't signed by a developer? Ever? really?

 

[dXTC]

I don't like Bitcoin and I don't use it, but seriously, don't people realize they can store their bitcoins offline on a USB thumb drive and lock it in a safe in their house, just like you would if you had 10 grand in gold bars? Just upload what you need and then spend it right away.
Don't keep all your money on an online wallet!!
Why would anyone put $10,000 or more on some website that you know nothing about, where it's not insured, and think this is a reasonable way to do things?

Emphasis mine. My Bitcoin wallet is offline for two reasons:

• Security, as described above.
• Lack of ability to pay transfer fees. My wallet is so tiny and near-worthless that joining an exchange makes no sense.

 

[alphaod]

I didn't even know I could upload binaries to Github. I thought it was all just for sharing code.