Sign in with
Sign up | Sign in

Mac BitCoin Trojan Found on Legit Software Sites

By - Source: Tom's Guide US | B 3 comments

The intersection of Bitcoin advocates and Mac users may not be enormous, but malefactors saw this small market as an opportunity to make some fast cash. Some Bitcoin tracker apps for Mac have been infected with malware — and until yesterday, you could have found them on the reputable software repositories and MacUpdate.

According to Mac security site SecureMac, the infected programs include Bitcoin Ticker TTM, BitVanity, StealthBit and Litecoin Ticker (which, as the name suggests, tracks Litecoin rather than Bitcoin). These programs are supposed to track Bitcoin prices and keep a user apprised via a desktop display.

MORE: 13 Security and Privacy Tips for the Truly Paranoid

To be fair, the corrupted versions of the apps do what they suggest, but they also install CoinThief, an Internet browser add-on that steals users' credentials whenever they make Bitcoin transactions online. CoinThief hides itself under an unassuming name such as "Pop-up blocker," which can make spotting it tricky.

The fact that these apps are freely available on trustworthy sites such as and MacUpdate is also a cause for concern. In this case, neither accurately vetted its offerings, but this is hardly the only incident of spreading dodgy programs. We've recently come across downloads from that came bundled with the hard-to-shake Conduit adware, which can expose computers to malware and viruses.

Fortunately for Bitcoin enthusiasts with Macs, the CoinThief malware did not get very far. Only a few hundred users downloaded the apps from either site, but at least one Reddit user said he'd lost almost $12,000. Anyone who installed these apps should keep a close eye on their Bitcoin wallets and change whatever relevant login information they can.

In order to remove CoinThief, open up your Internet browser and uninstall any innocuous-sounding extensions that you don't recognize — or just uninstall everything and reinstall your favorites, to be safe. Then, uninstall the Bitcoin ticker program; running a Mac anti-malware program will take care of the rest.

Apple has updated its built-in XProtect software, also known as File Quarantine, to catch CoinThief before it's installed. But because this won't be the last corrupted OS X app, exercise caution about programs from third-party software repositories from now on.

Be sure to decline the installation of any third-party software, and whenever possible, get a program right from the developer's website or from OS X's own App Store.

Follow Marshall Honorof @marshallhonorofand on Google+. Follow us @tomsguide, on Facebook and on Google+.

Display 3 comments.
This thread is closed for comments
  • 0 Hide
    DIn552 , February 13, 2014 11:45 AM
    Start working at home with Google! Just work for few hours and have more time with friends and family. I earn up to $500 per week. It's a great work at home opportunity. I can't believe how easy it was once I tried it out. Linked here
  • 0 Hide
    CatherineRMorse , February 13, 2014 2:27 PM
  • 0 Hide
    CatherineRMorse , February 13, 2014 2:28 PM
    my classmate's step-sister makes $80 /hr on the computer . She has been without work for 10 months but last month her payment was $21389 just working on the computer for a few hours. Visit This Link,,,,,,,,,,,,, W­W­W.F­i­z­z­j­o­b.C­o­M
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter