SecureMac reported this Monday that there is a new Trojan in circulation, which they have named OSX/CoinThief.A. The malware targets Mac users and monitors the user's web traffic in order to eventually steal Bitcoins from unsuspecting users. SecureMac reports that the malware has spread widely and that they have received several reports of Bitcoins being stolen.
The malware was distributed through an application called “StealthBit”, which has only recently been removed from GitHub. The source code version didn’t match the precompiled version, with the latest version containing the malware. StealthBit’s stated purpose was to be an application for sending and receiving Bitcoins using Bitcoin stealth addresses.
The malware installs browser extensions for Safari and Chrome as well as a separate background program. All of these monitor the user's web traffic, grab the login credentials of users logging in to their Bitcoin wallets, and then send them to a remote server. The browser extension presented itself as a pop-up blocker, which allayed suspicion for most users.
A user on the popular site Reddit reported having lost 20 Bitcoins to the malware from StealthBit, but how many Bitcoins have been stolen in total due to the malware is not known.