Published on February 15th, 2014 📆 | 5625 Views ⚑0
Bitcoin stealing Mac malware found to be hosted on Download.com and MacUpdate.com
Now, experts at SecureMac have spotted one more variant being hosted under the name of "Bitcoin Ticker TTM" and "Litecoin Ticker" on popular download sites. These app names appear to have been taken from legitimate apps in the Mac app store.
This version also installs fake browser extension called as Pop-up Blocker in Chrome, safari and firefox. The malicious extension attempts to sniff on the web traffic to steal bitcoin login credentials. It will communicate with the background process and send collected data to a remote server.
SecureMac has explained how to check whether malware is installed on your system and how to remove this CoinThief malware.
The developer of legitimate Bitcoin Ticker TTM app said he has no connection with download.com & Macupdate.com and recommends users to download the app from Mac app store.