|Image Credits: ThreatPost.|
CoinThief malware is designed to steal Bitcoins login credentials from victim as well as Mac's username and UUID(unique identifier), also collects information about the list of Bitcoin related apps installed on the system.
Few days back, SecureMac spotted this Trojan is being hosted under the name of "Stealthbit" on GitHub and downloaded by hundreds of users. One user from reddit also pointed out the similarity between an one year old fake bitcoin related app "BitVanity" and stealthbit.
Now, experts at SecureMac have spotted one more variant being hosted under the name of "Bitcoin Ticker TTM" and "Litecoin Ticker" on popular download sites. These app names appear to have been taken from legitimate apps in the Mac app store.
This version also installs fake browser extension called as Pop-up Blocker in Chrome, safari and firefox. The malicious extension attempts to sniff on the web traffic to steal bitcoin login credentials. It will communicate with the background process and send collected data to a remote server.
SecureMac has explained how to check whether malware is installed on your system and how to remove this CoinThief malware.
The developer of legitimate Bitcoin Ticker TTM app said he has no connection with download.com & Macupdate.com and recommends users to download the app from Mac app store.