Report: trojan malware spreading, hiding in other Bitcoin apps

updated 12:51 am EST, Thu February 13, 2014

Now being spread through Bitcoin programs found on

The newly-detected OS X malware dubbed "OSX/CoinThief.A," a "trojan horse" that disguises itself as a copy of a legitimate app, has spread to other Bitcoin applications. SecureMac, an anti-virus software seller, discovered the original implementation of the malware disguised as a pre-compiled version of an open-source Bitcoin tool. It has now been seen pretending to be other Bitcoin apps, some of which are available on

Once installed by Bitcoin fans, the malware installs fake browser extensions for Chrome, Firefox and Safari (identifying themselves as "Pop-Up Blocker" or other generic titles). These extensions spy on web traffic, looking for and capturing login credentials for popular Bitcoin trading sites, with the ultimate aim of stealing a user's Bitcoins. Originally seen as a fake version of StealthBit, the program is now pretending to be other apps such as Bitcoin Ticker TTM and Litecoin Ticker. The original legitimate app, StealthBit, has since been taken down in an effort to combat the malware.

SecureMac has published removal instructions for the malware on its blog, though Mac users may want to simply avoid downloading any Bitcoin-related apps (or download them directly from the developers' websites rather than from other download services) until authorities can shut down the Bitcoin-stealing operators of the malware and its command and control centers. To find out whether a user's system may already have the malware, the company advises users to open Activity Monitor and look for a process called ""

Users can also check their preferred browsers for the presence of a generic "Pop-Up Blocker" extension. To remove the malware, users must first go offline, then remove any of the suspect apps from their system (BitVanity, StealthBit, Bitcoin Ticker TTM or Litecoin Ticker). Users must then enter Terminal commands to unload the file, followed by a command to unhide the malware and move it to the desktop, where it can be manually dragged into the trash, and must unhide and move the plist file in the same manner. Finally, to prevent possible re-installation, users should change the passwords they have for any Bitcoin-related websites.
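The browser check described above can be scripted for Chrome; the following is an added example, not code from SecureMac or from this article, and a match is only a prompt for manual review because legitimate extensions also use this generic name. It assumes Chrome's default profile path on OS X and the standard `Extensions/<id>/<version>/manifest.json` layout; the function and constant names are hypothetical.

```python
import json
import re
from pathlib import Path

# Assumption: Chrome's single "Default" profile on OS X.
CHROME_EXT_ROOT = (Path.home() / "Library/Application Support"
                   / "Google/Chrome/Default/Extensions")
# Generic title named in the article; other generic titles can be appended.
SUSPECT_TITLES = ["Pop-Up Blocker"]


def _normalize(title):
    """Lower-case and drop punctuation so 'Popup blocker' == 'Pop-Up Blocker'."""
    return re.sub(r"[^a-z0-9]", "", title.lower())


def _display_name(version_dir, manifest):
    """Return the visible name, resolving Chrome's __MSG_key__ localization."""
    name = str(manifest.get("name", ""))
    match = re.fullmatch(r"__MSG_(\w+)__", name)
    if not match:
        return name
    locale = manifest.get("default_locale", "en")
    messages_file = version_dir / "_locales" / str(locale) / "messages.json"
    try:
        messages = json.loads(messages_file.read_text(encoding="utf-8-sig"))
        # Chrome treats message keys case-insensitively.
        for key, entry in messages.items():
            if key.lower() == match.group(1).lower():
                return str(entry.get("message", name))
    except (OSError, ValueError, AttributeError):
        pass  # missing or malformed locale file: fall back to the raw name
    return name


def find_suspect_extensions(root=CHROME_EXT_ROOT, titles=SUSPECT_TITLES):
    """Return sorted (extension_id, version, name) tuples matching a title."""
    wanted = {_normalize(t) for t in titles}
    hits = []
    for manifest_path in Path(root).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it, do not abort the scan
        if not isinstance(manifest, dict):
            continue
        name = _display_name(manifest_path.parent, manifest)
        if _normalize(name) in wanted:
            hits.append((manifest_path.parts[-3], manifest_path.parts[-2], name))
    return sorted(hits)
```

Calling `find_suspect_extensions()` with no arguments scans the current user's default Chrome profile; Firefox and Safari store extensions differently and are not covered.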

Apple and other anti-malware makers are in the process of updating their services to prevent installation of the trojan software in the first place. In the meantime, the safest courses of action in the short term are not downloading any third-party Bitcoin apps and not logging into Bitcoin sites unless the user is certain they do not have the malware.

by MacNN Staff


