Slashdot Mirror


Mac OS X Bitcoin Stealing Trojan Horse Called OSX/CoinThief Discovered

An anonymous reader writes "SecureMac.com has discovered a new trojan horse for Mac OS X called OSX/CoinThief.A, which spies on web traffic to steal Bitcoins. This malware has been found in the wild, along with numerous reports of stolen coins. The malware, which comes disguised as an app to send and receive payments on Bitcoin Stealth Addresses, instead covertly monitors all web traffic in order to steal login info for Bitcoin wallets."

4 of 108 comments

  1. unpossible! by Anonymous Coward · · Score: 4, Funny

    There's no such thing as malware for Mac and there never has been.

    1. Re: unpossible! by LordLimecat · · Score: 4, Informative

      In essence, it's not even a trojan horse but an app that does hidden, malicious things.

      I'm pretty sure you just gave us the textbook definition of what a trojan is.

      > 1 million malware

      With such accurate facts (there are more than a million "malwares" for Unix as well) I'm sure you are well qualified to make such a determination.

  2. Re:There can be but damage is more limiting by tlhIngan · · Score: 4, Informative

    Also with Mavericks Gatekeeper would present you with a nice juicy dialog preventing you from running this untrusted and unsigned malware. You would have to take several steps of your own volition to run it at all...

    You Mac haters are saying you don't want the Mac to turn into iOS. Well which is it? Let users run unapproved software after several "Are you sure" kinds of stopping points? Or only allow signed binaries on the system?

    All the Apple haters have missed the fact that Gatekeeper is remarkably balanced. You can choose - go all the way with a walled garden, all the way with unsigned binaries, or go walled garden with the option to allow people to sign the code (semi-walled garden) (the default setting, too).

    It costs a developer $99, or for orgs like Mozilla, they have two from Apple - a production signing version and a beta signing version, in case either one gets revoked for whatever reason.

    But it allows apps that don't require Apple to approve - the developer buys a cert and Apple has no say in what it's used to sign. Of course, if it's hacked or stolen, Apple can revoke it (happened a few times already when some trojan hijacked a developer's certificate - Apple revoked it and that trojan couldn't run easily anymore).

    Of course, there's another subtlety that is not mentioned about Gatekeeper - it only triggers on stuff downloaded from the Internet. The output of your program you just compiled? Will not trigger Gatekeeper as it's assumed the dev tools are "safe".

    And since developers need to develop, and companies like Adobe, Microsoft and others need to get around the App Store limitations (or even Autodesk, who wants to use the App Store, but finds the $999.99 max price limiting), that ensures the Mac will never "close off" and be walled like iOS. After all, on a Mac, it needs to run untrusted binaries somehow in order for developers to, well, develop.

    That, and it's so bloody easy to jailbreak a Mac if you really needed to - just pop out the hard drive, or plug it into the PCIe slot in your PC. Or just run Windows and a Windows based jailbreak app. Or Linux.
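The Gatekeeper behaviour described in the comment above can be checked from a terminal before an app is ever launched. This is an added example, not part of the comment or of Apple's tooling: it sorts the verdict printed by `spctl --assess` into the origin classes the comment lists and reports whether the download quarantine flag is set. The sample outputs, app names and team ID are constructed, and the form of the revocation line is an assumption.

```shell
#!/bin/sh
# Added example. Sample spctl outputs below are constructed for illustration.

# classify_assessment TEXT -> prints "<verdict>:<origin-class>"
classify_assessment() {
    verdict=unknown origin=unknown
    case "$1" in
        *": accepted"*) verdict=accepted ;;
        *": rejected"*) verdict=rejected ;;
    esac
    case "$1" in
        # Assumption: a revoked signing cert surfaces as this error name.
        *CSSMERR_TP_CERT_REVOKED*)      origin=revoked-certificate verdict=rejected ;;
        *"source=Mac App Store"*)       origin=app-store ;;
        *"source="*"Developer ID"*)     origin=identified-developer ;;
        *"source=no usable signature"*) origin=unsigned ;;
    esac
    printf '%s:%s\n' "$verdict" "$origin"
}

# assess_app PATH (macOS only): Gatekeeper evaluates files carrying the
# com.apple.quarantine attribute, which downloading apps set; locally
# compiled output has no such attribute and is not prompted for.
assess_app() {
    if xattr -p com.apple.quarantine "$1" >/dev/null 2>&1; then
        echo "quarantine: present (Gatekeeper checks on first launch)"
    else
        echo "quarantine: absent (no Gatekeeper prompt expected)"
    fi
    classify_assessment "$(spctl --assess --type execute -vv "$1" 2>&1)"
}

# Constructed sample outputs (placeholders, not real apps or team IDs).
SAMPLE_STORE='/Applications/Example.app: accepted
source=Mac App Store'
SAMPLE_DEVID='/Applications/Example.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_UNSIGNED='/Users/me/Downloads/Unsigned.app: rejected
source=no usable signature'
SAMPLE_REVOKED='/Applications/Example.app: CSSMERR_TP_CERT_REVOKED'

for s in "$SAMPLE_STORE" "$SAMPLE_DEVID" "$SAMPLE_UNSIGNED" "$SAMPLE_REVOKED"; do
    classify_assessment "$s"
done
```

On a Mac, source the file and run `assess_app /path/to/Some.app`; `spctl --status` shows whether assessments are enabled at all.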

  3. Re:Slashcott! by TubeSteak · · Score: 4, Interesting

    http://www.diceholdingsinc.com/phoenix.zhtml?c=211152&p=irol-newsArticle&ID=1896508
    Feb. 4, 2014

    Recent Developments

    Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.

    Be seeing you.

    --
    [Fuck Beta]
    o0t!