The CoinThief malware targets computers running Apple's Mac OS X and seeks to steal your bitcoins. Reuters

A new piece of malware called CoinThief monitors your web traffic in order to steal your bitcoins.

The malware targets Apple's Mac OS X software. Disguised as a bitcoin wallet app, it can, once installed on your system, monitor all your web traffic in order to steal login credentials for online bitcoin wallets.

The malware was discovered by SecureMac, a security company specialising in Apple systems, which identified the Trojan horse as OSX/CoinThief.A.

StealthBit app

The software has been disguised by its authors as a legitimate bitcoin wallet called StealthBit, which allows users to send and receive bitcoin transactions using so-called stealth addresses that allow for more anonymous payments.

Both the valid and malicious versions of StealthBit were available from the open source software repository GitHub - but the page has now been removed.

When users download the malicious version, OSX/CoinThief.A acts as a dropper and installs browser extensions on the Chrome and Safari browsers which monitor all your internet traffic without your knowledge.
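A defender's check for the behaviour described above, as an added example that is not from SecureMac or the original article: it lists Chrome extensions whose manifest requests access to every site, which is the access an extension needs to watch all web traffic. It covers Chrome only; the default macOS profile path and the two sample manifests are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Host patterns that let an extension read every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not taken from the real malware).
CONSTRUCTED_SPY = {
    "name": "Example Helper (constructed)",
    "permissions": ["tabs", "<all_urls>"],
    "content_scripts": [{"matches": ["https://*/*"], "js": ["c.js"]}],
}
CONSTRUCTED_BENIGN = {
    "name": "Single Site (constructed)",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["https://example.com/*"]}],
}

def broad_access(manifest: dict) -> set:
    """Return the all-sites host patterns a manifest requests."""
    requested = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        # Some permission entries are objects; only strings are host patterns.
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return requested & BROAD_HOSTS

def audit(extensions_dir: Path) -> list:
    """Scan <id>/<version>/manifest.json under a Chrome Extensions directory."""
    findings = []
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            findings.append((ext_id, "unreadable", set()))  # review by hand
            continue
        hits = broad_access(manifest)
        if hits:
            findings.append((ext_id, manifest.get("name", "?"), hits))
    return findings

if __name__ == "__main__":
    # Assumed default profile location on macOS; other profiles live beside it.
    default = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"
    for ext_id, name, hits in audit(default):
        print(ext_id, name, sorted(hits))
```

Many legitimate extensions also request all-site access, so the output is a list to review against what you knowingly installed, not a verdict.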

Mt Gox credentials

The extensions search for login credentials for many of the most popular bitcoin exchanges, such as Mt Gox and BTC-e, along with bitcoin wallet sites like blockchain.info.

SecureMac says: "When login credentials are identified, such as when a user logs in to check their bitcoin wallet balance, another component of the malware then sends the information back to a remote server run by the malware authors."

Over the weekend, one Reddit user reported the theft of 20 bitcoins as a result of installing this malware, which at current prices equates to around £8,000.

Send and receive

The malware is sophisticated enough to both send information to and receive commands from a remote server, meaning the cybercriminals can add to the functionality of the malware by updating it to a new version.

The information sent back to the server controlling the malware is not limited to login credentials for bitcoin wallets. It also includes the username and UUID (unique identifier) of the infected Mac, as well as whether a variety of bitcoin-related apps are present on the system.