BitCoin users on Apple devices attacked by Malware

A Mac OSX trojan horse disguised as a bitcoin wallet application is responsible for “multiple” bitcoin thefts.

SecureMac, a Mac security consultancy that develops the MacScan anti-malware application, warns of a new threat called ‘CoinThief.A’.

Hidden within the open-source OSX bitcoin wallet app StealthBit, CoinThief.A monitors users’ web traffic to steal login credentials for software wallets and popular bitcoin sites, like BTC-e, Mt. Gox, and Blockchain.info.

The StealthBit app had been available on GitHub both as source code and as a pre-compiled download, but the page was quickly removed.

Suspicion arose when investigators discovered that the pre-compiled version did not match the original source (which more knowledgeable users could, and should be able to, examine for themselves).

Upon running the program for the first time, the malware installed browser extensions for Safari and the Google Chrome web browser, without alerting the user. The web browsers are tricked into thinking that the user intentionally installed the extensions, and give no warning to the user that all of their web browsing traffic is now being monitored by the malicious extensions.

Additionally, the malware installed a program that continually runs in the background, looking for bitcoin wallet login credentials, which were then sent back to a remote server.

The browser extensions had innocuous sounding names like ‘Pop-up Blocker’ to avoid detection. Once installed, the trojan also searched the system for anti-malware software and logged unique identifiers (UUIDs) for each infected machine.
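A defender's check for the behaviour described above, added here as an example and not taken from SecureMac or the original report: it inventories Chrome extensions and flags any that can read every page and that the user does not recognise. The profile path is the assumed default on macOS, `known_ids` is a hypothetical allowlist the user supplies, and the broad host patterns are an assumption about how "monitors all traffic" shows up in a manifest.

```python
import json
from pathlib import Path

# Host patterns that let an extension see every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Assumption: default Chrome profile location on macOS.
CHROME_EXT_DIR = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"


def broad_patterns(manifest):
    """Return the patterns in a manifest that cover all web traffic."""
    found = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        found.update(p for p in manifest.get(key, [])
                     if isinstance(p, str) and p in BROAD_HOSTS)
    for script in manifest.get("content_scripts", []):
        found.update(m for m in script.get("matches", []) if m in BROAD_HOSTS)
    return sorted(found)


def audit_extensions(ext_dir, known_ids=frozenset()):
    """List installed extensions (layout: <id>/<version>/manifest.json) and mark
    for review those not in known_ids that can read all browsing traffic."""
    report = []
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # A manifest that cannot be parsed is itself worth a manual look.
            report.append({"id": ext_id, "name": "<unreadable manifest>",
                           "broad": [], "suspect": ext_id not in known_ids})
            continue
        broad = broad_patterns(manifest)
        # The name may be a "__MSG_...__" placeholder for localised extensions.
        report.append({"id": ext_id, "name": manifest.get("name", "<no name>"),
                       "broad": broad,
                       "suspect": ext_id not in known_ids and bool(broad)})
    return report


if __name__ == "__main__":
    for row in audit_extensions(CHROME_EXT_DIR):
        mark = "REVIEW" if row["suspect"] else "ok"
        print(f"{mark:6} {row['id']} {row['name']!r} {', '.join(row['broad'])}")
```

A harmless-sounding name proves nothing on its own, so the check keys on the extension ID and on what the manifest asks for.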

Large amount got stolen!

At least one Bitcoin Talk Forum user reported a devastating 20 BTC theft after installing StealthBit.

Other investigators noted several similarities between StealthBit and Bitvanity, another piece of notorious Mac malware that stole users’ bitcoins in August 2013. Bitvanity posed as a vanity wallet address generator that harvested addresses and private keys from software like the Bitcoin-Qt clients.

StealthBit’s GitHub code repository was stored under the username ‘thomasrevor’, and a reddit user named ‘trevorscool’ posted an announcement about its development there on February 2nd. Last year, Bitvanity’s GitHub code was posted under the name ‘trevory’, which indicates that this may be the same person.

Recent fall of BitCoin price

This malware attempt caused the bitcoin market value to drop radically in the last couple of days. Watching the price trends, bitcoin fell from $1000 down to a depressing $490 at its lowest.
Prices have started to rise again as people become aware of the problem, and hopefully they will get back up on top again.

Not as safe as we want it to be after all?

Linux and Windows users should not be affected by this, as far as we know. But attempts to do the same are still out there, so be careful when you upgrade your wallet.
That goes even for Mac, which everyone thought had no threats. More and more malware is aimed at Apple devices, and maybe Apple products are not the shiny, safe systems that people want them to be.
