February 13, 2014
Doctor Web's security researchers know of several Trojan.CoinThief modifications. The first samples were discovered in autumn 2013 when the bitcoin exchange rate was growing rapidly. The program is disguised as legitimate mining applications, such as BitVanity, StealthBit, Bitcoin Ticker TTM, and Litecoin Ticker. Trojan.CoinThief infects computers running Mac OS X.
It consists of several components: the installer, which is distributed in the guise of a legitimate application; the agent, which performs a variety of tasks (for example, it processes intercepted data, checks which applications are installed in the system, and updates itself); and browser extensions that filter traffic, perform the functions of the agent, and communicate with the intruder’s command and control (C&C) server. The malware’s main objective is to monitor traffic and private data transmitted by bitcoin mining applications. Also, if Bitcoin-Qt is installed on an infected computer, Trojan.CoinThief modifies this program and steals the private data stored by the application. Criminals can use the information obtained to conduct unauthorised transactions using the victim's digital currency.
Trojan.CoinThief’s signature has been added to the virus database, so Macs that have Dr.Web for Mac OS X installed on them are fully protected from this threat.