Hide your Bitcoin, hide your kids, hide your wife…there’s a new piece of Mac malware in town. According to security software company Eset, a newly discovered Mac trojan called OSX/CoinThief masquerades as “cracked” versions of popular Mac apps. Once it gets onto your system, it’ll try to steal any Bitcoin you’ve mined by stealing login information for various Bitcoin exchanges and wallet sites. Yikes.
Eset says that the trojan disguises itself as popular apps like BBEdit, Pixelmator, Angry Birds, and Delicious Library, and that it uses “malicious browser add-ons”—presumably plug-ins and extensions—to steal your login credentials.
Eset says the trojan has also been found in spoofed versions of popular crypto-currency apps. While the version disguised as popular apps is being distributed through torrents, the one hiding behind the guise of crypto-currency apps had made its way onto sites like MacUpdate and Cnet Download.com. With that in mind, Eset recommends you avoid pirating software (duh) and download apps straight from the developers instead of from alternative download sites.
If you were unlucky enough to get infected, SecureMac has instructions on how to remove this malware from your computer.
If you have Gatekeeper set to only allow apps downloaded from the Mac App Store, you probably don’t have too much to worry about since you shouldn’t be able to run these apps to begin with (unless you manually bypass Gatekeeper, anyway).
At this time, we’re not sure if adjusting your Gatekeeper settings to only allow apps from identified developers will block this trojan. No matter what, be careful about where you download your apps, and if in doubt, get your apps directly from the source, as Eset recommends.