Downloads appearing on the web that claim to be cracked versions of popular Mac applications such as Pixelmator and Delicious Library in reality contain a Bitcoin stealing trojan. The OSX/CoinThief.A malware was discovered in popular Bitcoin software earlier this month by SecureMac.
The trojan initially surfaced on open source software hosting site GitHub, and it was quickly bundled into several Bitcoin apps available through multiple download sites. Further investigation by ESET has now uncovered the trojan masquerading as cracked versions of popular Mac apps such as BBEdit, Pixelmator, Angry Birds, and Delicious Library.
OSX/CoinThief.A is a malicious browser add-on that intercepts login information for Bitcoin wallet sites and exchanges. The stolen login credentials are then forwarded to the developer of the malware.
Detection statistics gathered by ESET LiveGrid indicate the threat is mostly active among Mac users in the United States.
Mac users should note that downloading any type of pirated software introduces the possibility of infection of their systems, and should always download their software from known good sources such as the developer’s website, or the Mac App Store.
For instructions on how to check for and remove the malware read the SecureMac blog post.