Another parchange του Mac Trojan “OSX/CoinThief” που ανακαλύφθηκε πρόσφατα βρέθηκε να φιλοξενείται σε δύο δημοφιλείς ιστοσελίδες της Download.com και της MacUpdate.com.
CoinThief malware is designed to steal the login credentials that exchange Bitcoins from the victim, as well as the user name and the UUID (unique identifier) of the Mac. It also collects information about Bitcoins-managed applications installed on the infected system.
A few days ago, SecureMac detected this Trojan, which was uploaded under the name "Stealthbit” on GitHub and had been downloaded by hundreds of users. A user of reddit pointed out the similarity between the fake bitcoin app “BitVanity”And stealthbit.
Her experts SecureMac spotted another variant called "Bitcoin Ticker TTM" and "Litecoin Ticker" on popular download sites. The specific application names appear to have been copied from legitimate applications on the Mac App Store.
This version installs a false extension to Chrome, Safari, and Firefox browsers, called Pop-up Blocker. The malicious extension captures traffic to steal login credentials to bitcoin exchange websites. When you get them data, επικοινωνήσει και τα στέλνει σε έναν απομακρυσμένο server.