Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Trojan.CoinThief steals digital currency on Macs

February 13, 2014

Malicious programs for mining and stealing digital currency are a very common type of threat for Windows PCs. However, virus writers do not disregard other platforms. One of the virus definitions recently added to the Dr.Web virus database as Trojan.CoinThief is designed to steal bitcoins on Apple-manufactured computers.

Doctor Web's security researchers know of several Trojan.CoinThief modifications. The first samples were discovered in autumn 2013 when the bitcoin exchange rate was growing rapidly. The program is disguised as legitimate mining applications, such as BitVanity, StealthBit, Bitcoin Ticker TTM, and Litecoin Ticker. Trojan.CoinThief infects computers running Mac OS X.

It consists of several components: the installer which is distributed in the guise of a legitimate application; the agent which performs a variety of tasks (for example, it processes intercepted data, checks which applications are installed in the system, and updates itself); as well as browser extensions for filtering traffic, performing the functions of the agent, and communicating with the intruder’s command and control (C&C) server. The malware’s main objective is to monitor traffic and private data transmitted by bitcoin mining applications. Also, if Bitcoin-Qt is installed on an infected computer, Trojan.CoinThief modifies this program and steals the private data stored by the application. Criminals can use the information obtained to conduct unauthorised transactions using the victim's digital currency.

Trojan.CoinThief’s signature has been added to the virus database, so Macs that have Dr.Web for Mac OS X installed on them are fully protected from this threat.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040