Bitcoin wallet location Mac
A small number of Bitcoin wallets have been raided by a newly discovered Trojan that gobbles up credentials used to guard the digital currency.
OSX/CoinThief.A was found in the wild by a security consultancy specializing in Apple security called SecureMac; the malware was spreading on GitHub via a malicious app, which has since been removed from the code repository.
“At this time we’ve seen multiple reports on Reddit and other Bitcoin forums with users indicating that they’ve fallen victim to the malware, but we do not yet know the full scope of the malware distribution,” SecureMac lead developer Nicholas Ptacek said. “As news of this malware spreads, more victims will probably come forward.”
A post about the incident seems to link the author of the app called Stealthbit used to spread CoinThief to a previous attack targeting Bitcoin credentials carried out through an app called Bitvanity. The author of CoinThief went by the handle trevorscool or Thomas Revor, while the Bitvanity GitHub account was registered to a Trevory. The person posting said the Bitvanity app lifted more than 20 Bitcoins—an approximate value of $14,000 USD.
“The malware author tried to take down the malicious binary from Github yesterday, and possibly didn’t realize that it would still be available from the commit history,” Ptacek said. “At some point in the afternoon, the entire Github page for StealthBit was 404′ing, but we are not sure if the malware author deleted his account, or if the page was taken down by Github.”
StealthBit pretends to be an app used to send and receive payments on Bitcoin Stealth Addresses. Instead, when victims install it, their web browsing traffic is monitored by the Trojan, which sniffs out login credentials for Bitcoin wallets.
“At this time there does not appear to be any vulnerability that the malware is exploiting, but rather it is a classic case of social engineering,” Ptacek said. “The infected users thought they were installing an app to send and receive payments on Bitcoin Stealth Addresses, but the app did more than was advertised when it installed the malware. Since the user was intending to install the app, Gatekeeper warnings wouldn’t have been effective at stopping those users from running the app.”
The consultancy said the CoinThief Trojan is a dropper that installs browser extensions on Safari and Chrome running on OS X. The extensions keep tabs on Web traffic from the browsers and watch for log-in attempts on pre-loaded Bitcoin exchanges such as Mt. Gox and BTC-e and wallet sites such as blockchain.info. The extensions, meanwhile, are generically named “Pop-up Blocker,” and arrive with an equally generic description that wouldn’t raise suspicions with the user or security researchers.
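As an added defender-side example (not code from the article, SecureMac or the malware), the script below checks installed Chrome extension manifests for the combination the consultancy describes: a generic “Pop-up Blocker” name plus permissions that let the extension observe traffic to the named exchange and wallet sites. It assumes the usual Chrome profile layout on OS X (`~/Library/Application Support/Google/Chrome/Default/Extensions/<id>/<version>/manifest.json`), which the article does not state, and the sample manifest is constructed, not a real CoinThief artifact.

```python
"""Flag Chrome extensions whose manifest matches the CoinThief pattern."""
import json
from pathlib import Path

# Indicators taken from the article: the extension name and the sites it watches.
SUSPECT_NAME = "pop-up blocker"
WATCHED_HOSTS = ("mtgox.com", "btc-e.com", "blockchain.info")
# Assumed OS X Chrome profile layout (not given in the article).
CHROME_EXT_DIR = Path(
    "~/Library/Application Support/Google/Chrome/Default/Extensions").expanduser()


def host_of(pattern):
    """Reduce a match pattern such as https://*.btc-e.com/* to its host."""
    pattern = pattern.split("://", 1)[-1]
    return pattern.split("/", 1)[0].lstrip("*.")


def score_manifest(manifest):
    """Return the reasons a manifest looks like CoinThief's extension ([] if none)."""
    reasons = []
    if str(manifest.get("name", "")).strip().lower() == SUSPECT_NAME:
        reasons.append("generic name 'Pop-up Blocker'")
    grants = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    grants += [m for s in manifest.get("content_scripts", []) for m in s.get("matches", [])]
    for g in map(str, grants):
        if g in ("webRequest", "webRequestBlocking"):
            reasons.append("can observe browser traffic (%s)" % g)
        elif g in ("<all_urls>", "*://*/*", "http://*/*", "https://*/*"):
            reasons.append("matches every site (%s)" % g)
        else:
            h = host_of(g)
            if any(h == w or h.endswith("." + w) for w in WATCHED_HOSTS):
                reasons.append("targets %s" % h)
    return reasons


def scan_extensions(root=CHROME_EXT_DIR):
    """Map extension id -> reasons for every suspicious manifest under root."""
    hits = {}
    if not root.is_dir():
        return hits
    for manifest_path in root.glob("*/*/manifest.json"):
        try:
            reasons = score_manifest(json.loads(manifest_path.read_text()))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        if reasons:
            hits[manifest_path.parent.parent.name] = reasons
    return hits


# Constructed sample modelled on the article's description (not a real manifest).
SAMPLE_MANIFEST = {
    "name": "Pop-up Blocker",
    "description": "Blocks annoying pop-ups.",
    "permissions": ["webRequest", "webRequestBlocking",
                    "https://*.mtgox.com/*", "https://btc-e.com/*", "https://blockchain.info/*"],
}

if __name__ == "__main__":
    print("sample:", score_manifest(SAMPLE_MANIFEST))
    print("installed:", scan_extensions())
```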