SecureMac has confirmed a new Mac trojan, which it calls OSX/CoinThief.A. The malware targets Mac users and spies on their web traffic to steal Bitcoins. SecureMac says the malware is in the wild and that it has numerous accounts of stolen Bitcoins.
The malware is being spread via an app called “StealthBit”, which until now was readily available for download from GitHub. The published source code did not match the precompiled version, and only the precompiled version included the malicious payload. StealthBit claims to let you send and receive payments on Bitcoin Stealth Addresses.
The malware installs browser extensions for Safari and Google Chrome along with an independent background program. All of these monitor web traffic, looking for login credentials for Bitcoin websites and wallet sites, and send the credentials to a remote server. The browser extensions identify themselves as popup blockers.
SecureMac also cites a recent Reddit post by a user who lost 20 Bitcoins, worth around 13,000 USD at the time of this article.