
Mac OS X Bitcoin Stealing Trojan Horse Called OSX/CoinThief Discovered

Posted by timothy
from the willie-sutton-principle dept.
An anonymous reader writes "SecureMac.com has discovered a new trojan horse for Mac OS X called OSX/CoinThief.A, which spies on web traffic to steal Bitcoins. This malware has been found in the wild, along with numerous reports of stolen coins. The malware, which comes disguised as an app to send and receive payments on Bitcoin Stealth Addresses, instead covertly monitors all web traffic in order to steal login info for Bitcoin wallets."
  • unpossible! (Score:4, Funny)

    by Anonymous Coward on Monday February 10, 2014 @01:39AM (#46207863)

    There's no such thing as malware for Mac and there never has been.

    • Re: unpossible! (Score:1, Insightful)

      by Anonymous Coward

      Said no one ever. Not even Steve Jobs.

      There are no viruses. Learn the difference between a virus and a trojan horse.

      In essence, it's not even a trojan horse but an app that does hidden, malicious things.

      Now compare that to the > 1 million malwares for Windows (adding dozens and hundreds every day) and tell me which one is safer?

      • Re: unpossible! (Score:5, Informative)

        by LordLimecat (1103839) on Monday February 10, 2014 @02:25AM (#46208061)

        In essence, it's not even a trojan horse but an app that does hidden, malicious things.

        I'm pretty sure you just gave us the textbook definition of what a trojan is.

        > 1 million malware

        With such accurate facts (there are more than a million "malwares" for Unix as well) I'm sure you are well qualified to make such a determination.

        • Re: unpossible! (Score:4, Interesting)

          by dbIII (701233) on Monday February 10, 2014 @04:39AM (#46208421)
          It's a metaphor for a big horse full of soldiers that opened a gate and let other stuff in so I think the AC has a valid point and your personal "textbook definition" does not.
          Just call it malware instead of trying to correct their use of the metaphor.
          • The Trojan horse aspect is the social engineering bit, where you install something thinking it is ok when it is not.

            So he does have a point after all -- that's what this is.

          • The widespread definition of a trojan is an application with a known function which has been repackaged with hidden, malicious / subversive functionality in addition to the normal functionality. Think AIM.exe which allows you to chat with buddies, but also opens a reverse SSH connection to the attacker.

            I wasn't being facetious: GP was literally describing what a trojan "malware" is. The term is ancient, and so is the definition. Malware is a relatively recent, fairly ambiguous term: I'm not sure I've ever

        • by Chrisq (894406)

          In essence, it's not even a trojan horse but an app that does hidden, malicious things.

          I'm pretty sure you just gave us the textbook definition of what a trojan is.

          Perhaps he was expecting a condom

      • There are no viruses. Learn the difference between a virus and a trojan horse.

        Your semantics aren't going to get those bitcoins back.

        • Yeah, no amount of facts will get those back. So we might as well ignore the facts.

          • The fact is that a bunch of Mac users who thought their systems were secure, rightly or wrongly, lost a bunch of money.

            • What, that's the only fact you can see? How small minded of you.

            • The fact is that a bunch of Mac users who thought their systems were secure, rightly or wrongly, lost a bunch of money.

              Those would be the handful of morons who bought into BitCoins in the first place.

    • Everyone has known forever you can have malware on a Mac. That's hardly a surprise.

      But malware is more limited on a Mac than other systems - for one thing no users run as admin as they do on Windows.

      Also with Mavericks Gatekeeper would present you with a nice juicy dialog preventing you from running this untrusted and unsigned malware. You would have to take several steps of your own volition to run it at all...

      You Mac haters are saying you don't want the Mac to turn into iOS. Well which is it? Let users run unapproved software after several "Are you sure" kinds of stopping points? Or only allow signed binaries on the system?

      • by tlhIngan (30335) <(ten.frow) (ta) (todhsals)> on Monday February 10, 2014 @02:44AM (#46208133)

        Also with Mavericks Gatekeeper would present you with a nice juicy dialog preventing you from running this untrusted and unsigned malware. You would have to take several steps of your own volition to run it at all...

        You Mac haters are saying you don't want the Mac to turn into iOS. Well which is it? Let users run unapproved software after several "Are you sure" kinds of stopping points? Or only allow signed binaries on the system?

        All the Apple haters have missed the fact that Gatekeeper is remarkably balanced. You can choose - go all the way with a walled garden, all the way with unsigned binaries, or go walled garden with the option to allow people to sign the code (semi-walled garden) (the default setting, too).

        It costs a developer $99, or for orgs like Mozilla, they have two from Apple - a production signing version and a beta signing version, in case either one gets revoked for whatever reason.

        But it allows apps that don't require Apple to approve - the developer buys a cert and Apple has no say in what it's used to sign. Of course, if it's hacked or stolen, Apple can revoke it (happened a few times already when some trojan hijacked a developer's certificate - Apple revoked it and that trojan couldn't run easily anymore).

        Of course, there's another subtlety that is not mentioned about Gatekeeper - it only triggers on stuff downloaded from the Internet. The output of your program you just compiled? Will not trigger Gatekeeper as it's assumed the dev tools are "safe".

        And since developers need to develop, and companies like Adobe, Microsoft and others need to get around the App Store limitations (or even Autodesk, who wants to use the App Store, but finds the $999.99 max price limiting), ensures the Mac will never "close off" and be walled like iOS. After all, on a Mac, it needs to run untrusted binaries somehow in order for developers to well, develop.

        That, and it's so bloody easy to jailbreak a Mac if you really needed to - just pop out the hard drive, or plug it into the PCIe slot in your PC. Or just run Windows and a Windows based jailbreak app. Or Linux.

      • by Boronx (228853)

        Macs let you sudo any time an application requests, which is pretty much the same as Windows. Even an admin account in Windows will at least force you to click through if an application wants to make admin privileged changes.

        In both systems a lot of legitimate installs need this, so unwary users get used to allowing new programs admin/root access.

        • Macs let you sudo any time an application requests, which is pretty much the same as Windows. Even an admin account in windows will at least force you to click through if an application wants to make admin privileged changes.

          OSX does more than make you "click through". Privileged operations require a password.

        • Macs let you sudo any time an application requests

          Some things will not launch at all unless you disable, or work around, Gatekeeper. If I download an unsigned executable I cannot just run it, I have to right-click and select open to force Gatekeeper to run it. That's a pretty good default level of security.

          Then after that point - yes an application can request further access, but it's a pretty glaring thing to pull up the password prompt. Even non technical users would think a little about why that was ha

    • Re:unpossible! (Score:4, Insightful)

      by smash (1351) on Monday February 10, 2014 @02:52AM (#46208147) Homepage Journal
      Trojan horses / user stupidity are OS independent.
      • Re:unpossible! (Score:4, Interesting)

        by Rosyna (80334) on Monday February 10, 2014 @07:50AM (#46208877) Homepage

        To be fair, Apple does a hell of a lot to prevent user stupidity from installing malware. Such as blacklisting known malware nearly immediately (as soon as Apple reverse engineers it, its signature is pushed out to every Mac user via a list that is updated every 24 hours).

        The sad thing is, and a major security flaw of Apple's, is that they create trust with third parties based on code signing. This allows code signed malware to skip the normal malware checks in Mac OS X. (It's super trivial to get multiple code signing certs from Apple and Apple doesn't verify code cert applications for individuals.)

        • by smash (1351)
          The whole point of code signing is that it relies on a chain of trust. As soon as your cert is used for any malware and that gets back to Apple it will be revoked. This is the same for Windows.
    • Re: (Score:1, Troll)

      by monzie (729782)

      There's no such thing as malware for Mac and there never has been.

      MS Office on Mac has been there for a long long time..... http://en.wikipedia.org/wiki/M... [wikipedia.org]

    • The platform is so locked-down, you can't even run malware.

    • by PopeRatzo (965947)

      There's no such thing as malware for Mac and there never has been.

      And Bitcoins are completely secure.

      • by Anonymous Coward

        They are! Let's see the victims try to get their money back. They can't, it's securely stolen.
        No chargebacks, bitch!

    • Just like there are no proper removal or diagnostic tools for Mac either! Well, that one's actually true. Good luck to all you overpaying, elitist douchebags who bought a mac. Still think you're so much better than everyone else? All I have to say is Abra-cadabra-CUDA-support...POOF, there went your alleged advantage almost a decade ago. It's magic!
  • Slashcott! (Score:3, Insightful)

    by LaminatorX (410794) <sabotage@nosPaM.praecantator.com> on Monday February 10, 2014 @01:43AM (#46207887) Homepage

    This site used to be great. Even in its latter days, it's been good. That is poised to change. Before long, it will be mediocre, and ordinary.

    I didn't see a problem when Dice Holdings initially bought Slashdot. I figured there would be efforts to drive nerd traffic towards their job listings and such. That was fine. We all need jobs.

    Things have changed now. Beyond the shifts in story choices, the slashvertisements, and so on, something fundamental has changed: Slashdot's owners do not appreciate it.

    Their recent financials show that they have written its value as an asset down to zero. They have legally claimed it to be worthless. That is at the root of what is happening now. They want to fundamentally change the nature of this site in order to remake it into something with big growth potential.

    Beta is just the latest symptom of this disease. It will not be the last. In striving to make it into a site that will bring them a growing user base and growing revenue per user, they have shown a willingness to dumb down the interface in the name of making it more accessible to newcomers, to cast aside essential elements of decade-spanning community culture, and to plow ahead with changes in the face of overwhelmingly negative user feedback.

    This is not going to change. This will not go away. I will not support it.

    I will be gone for this entire week, in protest. While away, I will work to create a new community where things can be run with quality user discussions as the paramount objective.

    Be seeing you.

    • by Anonymous Coward

      I will work to create a new community where things can be run with quality user discussions as the paramount objective.

      Where? I might want to join.

    • by pitchpipe (708843)

      I will be gone for this entire week, in protest.

      Same. I hope that we can then see incremental improvements to this site taking into consideration feedback from the users/contributors, and that they can then drop the mentality that we are just eyeballs to put as many advertising dollars in front of. Sadly, I'm not hopeful.

      See you in a week, I'm out.

    • Begone and good riddance to your vandalizing of channels.

    • by dbIII (701233)
      How many times do we have to read this "final message"?
    • Re:Slashcott! (Score:5, Interesting)

      by TubeSteak (669689) on Monday February 10, 2014 @05:00AM (#46208491) Journal

      http://www.diceholdingsinc.com/phoenix.zhtml?c=211152&p=irol-newsArticle&ID=1896508 [diceholdingsinc.com]
      Feb. 4, 2014

      Recent Developments

      Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.

      Be seeing you.

      • by drinkypoo (153816)

        I read that over and over again and I figured out what that paragraph actually means. It means that they are liars. Advertising revenue has declined, so they are claiming that it is zero. Meanwhile, they have grossly overvalued Slashdot, so this lie follows an earlier lie. Send in the clowns [at the SEC!]

      • by Raenex (947668)

        Slashdot is dying. Diceholdings Inc. confirms it.

    • by rainhill (86347)

      >> I will work to create a new community where things can be run with quality user discussions as the paramount objective.

      and before long, you will be cashing out too... CmdrTaco did.

      oooh the $weet money.

      change is the only constant, as someone once said. Dice saw the high-flying twitters and facebooks, and said; hey, how to increase slashdot users, to make more money? how? how? howwww?

      all this, is only natural.

    • Whilst I, like everyone else here, seem to hate the changes being made here, are all the people here who post complaints here totally IT incapable?

      If anyone here reads /. using firefox, it doesn't take a huge degree of effort to edit the HTML 'on the fly', and strip out all the offensive code. Has anyone looked at the RSS feed lately? It is abominable!

      SOLUTION: Install Stylish [mozilla.org], and voila. Complete control to throw away all the crap.

      We probably should set up a community-driven recipe that everyone can download

  • Brilliant!

    OK, I'm assuming here that the app is unsigned. It's interesting that reporters at security news sites don't seem to care.

  • The obvious way to corner the bitcoin "market" now is distributed malware to "mine" the coins instead of stealing them.
  • Any of the big exchanges (and most of the medium sized ones) offer two step authentication. If someone is storing coins online, whether at an exchange or in an online wallet, then two step auth is mandatory.
    Seeing how sites can vanish overnight I wouldn't advise using an online wallet anyway. Keep a personal encrypted wallet, and only move coins on to exchanges long enough to do transactions.

  • Isn't that a bit of a giveaway, if you write a Trojan and call it OSX/CoinThief? I know there are people out there who think people buying Macs do so because they are too stupid to handle real computers, but nobody could possibly think they are stupid enough to install an app called OSX/CoinThief? Is that how the trojan was found? Someone thought the name is a bit suspicious and started looking?
    • by silverdr (779097)
      Some people are too stupid to handle "real" computers and some are too stupid to learn how malware is classified and what a malware index is. Hint: OSX/CoinThief.A is NOT a name of the program in question.
    • by mellyra (2676159)

      Isn't that a bit of a giveaway, if you write a Trojan and call it OSX/CoinThief? I know there are people out there who think people buying Macs do so because they are too stupid to handle real computers, but nobody could possibly think they are stupid enough to install an app called OSX/CoinThief? Is that how the trojan was found? Someone thought the name is a bit suspicious and started looking?

      OSX/CoinThief.A is the name the security researchers gave the trojan. The actual application was called StealthBit.

      • I don't think I would install an application called StealthBit either. Sounds like an accident waiting to happen.
  • For a moment I thought we were talking about MONEY!

    • by tompaulco (629533)
      Yes, as we all well know, bitcoins are worthless and so therefore nobody would ever steal them and so therefore this whole article is a lie from Satan.
      • by mark_reh (2015546)

        A few misguided or otherwise benighted induhviduals who believe Bitcoin is money doesn't make it so.

  • ...only better.

    Uh-huh. Sure.
    • by dk20 (914954)
      Seems its "Greatest strength" is also its greatest weakness (anonymous transfers)?

      Had this been a case of your money being stolen from a real bank you would have several methods of recourse.
