Mac OS X Bitcoin Stealing Trojan Horse Called OSX/CoinThief Discovered 108
An anonymous reader writes "SecureMac.com has discovered a new trojan horse for Mac OS X called OSX/CoinThief.A, which spies on web traffic to steal Bitcoins. This malware has been found in the wild, along with numerous reports of stolen coins. The malware, which comes disguised as an app to send and receive payments on Bitcoin Stealth Addresses, instead covertly monitors all web traffic in order to steal login info for Bitcoin wallets."
Re: (Score:1)
"Do you mean WinXP or Win8?"
Yes.
unpossible! (Score:4, Funny)
There's no such thing as malware for Mac and there never has been.
Re: unpossible! (Score:1, Insightful)
Said no one ever. Not even Steve Jobs.
There are no viruses. Learn the difference between a virus and a trojan horse.
In essence, its not even a trojan horse but an app that does hidden, malicious things.
Now compare that to the > 1 million malwares for Windows (adding dozens and hundreds every day) and tell me which one is safer?
Re: (Score:2)
oooh yes let's split hairs! while we're at it the Anonymous "hackers" are actually not hackers, they are "crackers"!
Kind of a big hair there... One installs itself, and the other has to be installed by a user.
Re: (Score:1)
oooh yes let's split hairs! while we're at it the Anonymous "hackers" are actually not hackers, they are "crackers"!
Kind of a big hair there... One installs itself, and the other has to be installed by a user.
That old distinction isn't really relevant anymore. What would you call Mac Flashback? (btw. the biggest malware epidemic in modern times in terms of percentage of user base infected, beat even Windows Conficker). There were versions of Mac Flashback that installed completely without user intervention or notice. And, "virus" of old isn't really the problem for Windows these days either.
Re: unpossible! (Score:5, Informative)
In essence, its not even a trojan horse but an app that does hidden, malicious things.
Im pretty sure you just gave us the textbook definition of what a trojan is.
> 1 million malware
With such accurate facts (there are more than a million "malwares" for Unix as well) Im sure you are well qualified to make such a determination.
Re: unpossible! (Score:4, Interesting)
Just call it malware instead of trying to correct their use of the metaphor.
Re: (Score:2)
The Trojan horse aspect is the social engineering bit, where you install something thinking it is ok when it is not.
So he does have a point after all -- that's what this is.
Re: (Score:2)
The widespread definition of a trojan is an application with a known function which has been repackaged with hidden, malicious / subversive functionality in addition to the normal functionality. Think AIM.exe which allows you to chat with buddies, but also opens a reverse SSH connection to the attacker.
I wasnt being facetious: GP was literally describing what a trojan "malware" is. The term is ancient, and so is the definition. Malware is a relatively recent, fairly ambiguous term: I'm not sure Ive ever
Re: (Score:2)
In essence, its not even a trojan horse but an app that does hidden, malicious things.
Im pretty sure you just gave us the textbook definition of what a trojan is.
Perhaps he was expecting a condom
Re: (Score:2)
Horse size?
Re: (Score:3)
There are no viruses. Learn the difference between a virus and a trojan horse.
Your semantics aren't going to get those bitcoins back.
Re: (Score:1)
Yeah, no amount of facts will get those back. So we might as well ignore the facts.
Re: (Score:2)
The fact is that a bunch of Mac users who thought their systems were secure, rightly or wrongly, lost a bunch of money.
Re: (Score:2)
What, that's the only fact you can see? How small minded of you.
Re: (Score:2)
The fact is that a bunch of Mac users who thought their systems were secure, rightly or wrongly, lost a bunch of money.
Those would be the handful of morons who bought into BitCoins in the first place.
There can be but damage is more limiting (Score:3, Informative)
Everyone has known forever you can have malware on a Mac. That's hardly a surprise.
But malware is more limited on a Mac than other systems - for one thing no users run as admin as they do on Windows.
Also with Mavericks gatekeeper would preset you with a nice juicy dialog preventing you from running this untrusted and unsigned malware. You would have to take several steps of your own volition to run it at all...
You Mac haters are saying you don't want the Mac to turn into iOS. Well which is it? Let users
Re:There can be but damage is more limiting (Score:5, Informative)
All the Apple haters have missed the fact that Gatekeeper is remarkably balanced. You can choose - go all the way with a walled garden, all the way with unsigned binaries, or go walled garden with the option to allow people to sign the code (semi-walled garden) (the default setting, too).
It costs a developer $99, or for orgs like Mozilla, they have two from Apple - a production signing version and a beta signing version, in case either one gets revoked for whatever reason.
But it allows apps that doesn't require Apple to approve - the developer buys a cert and Apple has no say in what it's used to sign. Of course, if it's hacked or stolen, Apple can revoke it (happened a few times already when some trojan hijacked a developer's certificate - Apple revoked it and that trojan couldn't run easily anymore).
Of course, there's another subtlety that is not mentioned about Gatekeeper - it only triggers on stuff downloaded from the Internet. The output of your program you just compiled? Will not trigger Gatekeeper as it's assumed the dev tools are "safe".
And since developers need to develop, and companies like Adobe, Microsoft and others need to get around the App Store limitations (or even Autodesk, who wants to use the App Store, but finds the $999.99 max price limiting), ensures the Mac will never "close off" and be walled like iOS. After all, on a Mac, it needs to run untrusted binaries somehow in order for developers to well, develop.
That, and it's so bloody easy to jailbreak a Mac if you really needed to - just pop out the hard drive, or plug it into the PCIe slot in your PC. Or just run Windows and a Windows based jailbreak app. Or Linux.
Re: (Score:2)
"You Mac haters are saying you don't want the Mac to turn into iOS."
That statement doesn't make sense. It implies that the "haters" think that Mac OS X is a good thing.
Who ever said Mac haters make any sense? It is their claim after all.
No... (Score:2)
That statement doesn't make sense. It implies that the "haters" think that Mac OS X is a good thing.
Mac haters use any possible excuse why they do not run a Mac, and that is one of them (they claim it is "turning into iOS" when plainly that is not the case).
Also as the other responder noted, the traditional Apple Hater is short of reason as it is so you attempt to apply logic to behavior is dubious at best.
Re: (Score:3)
Macs let you sudo any time an application requests, which is pretty much the same as Windows. Even an admin account in windows will at least force you to click through if an application wants to make admin privileged changes.
In both systems a lot of legitimate installs need this, so unwary users get used to allowing new programs admin/root access.
Re: (Score:3)
Macs let you sudo any time an application requests, which is pretty much the same as Windows. Even an admin account in windows will at least force you to click through if an application wants to make admin privileged changes.
OSX does more than make you "click through". Privileged operations require a password.
No, some things will not run (Score:2)
Macs let you sudo any time an application requests
Some things will not launch at all unless you disable, or work around gatekeeper. If I download an unsigned executable I cannot just run it, I have to right-click and select open to force Gatekeeper to run it. That's a pretty good default level of security.
Then after that point - yes an application can request further access, but it's a pretty glaring thing to pull up the password prompt. Even non technical users would think a little about why that was ha
Re:unpossible! (Score:4, Insightful)
Re:unpossible! (Score:4, Interesting)
To be fair, Apple does a hell of a lot to prevent user stupidity from installing Malware. Such as blacklisting known malware nearly immediately (as soon as Apple reverse engineers it, its signature is pushed out to ever mac user via a list that is updated every 24 hours).
The sad thing is and a major security flaw of Apple's is that they create trust with third parties based on code signing. This allows code signed malware to skip the normal malware checks in Mac OS X. (It's super trivial to get multiple code signing certs from Apple and Apple doesn't verify code certs applications for individuals)
Re: (Score:2)
Re: (Score:1, Troll)
There's no such thing as malware for Mac and there never has been.
MS Office on Mac has been there for a long long time..... http://en.wikipedia.org/wiki/M... [wikipedia.org]
Re: (Score:3)
Re: (Score:2)
The platform is so locked-down, you can't even run malware.
Re: (Score:1)
Re: (Score:1)
And Bitcoins are completely secure.
Re: (Score:1)
They are! Let's see the victims try to get their money back. They can't, it's securely stolen.
No chargebacks, bitch!
Re: (Score:2)
Slashcott! (Score:3, Insightful)
This site used to be great. Even in it's latter days, it's been good. That is poised to change. Before long, it will be mediocre, and ordinary.
I didn't see a problem when Dice Holdings initially bought Slashdot. I figured there would be efforts to drive nerd traffic towards their job listings and such. That was fine. We all need jobs.
Things have changed now. Beyond the shifts in story choices, the slashvertisements, and so on, something fundamental has changed: Slashdot's owners do not appreciate it.
Their recent financials show that they have written its value as an asset down to zero. They have legally claimed it to be worthless. That is at the root of what is happening now. They want to fundamentally change the nature of this site in order to remake it into something with big growth potential.
Beta is just the latest symptom of this disease. It will not be the last. In striving to make it into a site that will bring them a growing user base and growing revenue per user, they have shown a willingness to dumb down the interface in the name of making it more accessible to newcomers, to cast aside essential elements of decade-spanning community culture, and to plow ahead with changes in the face of overwhelmingly negative user feedback.
This is not going to change. This will not go away. I will not support it.
I will be gone for this entire week, in protest. While away, I will work to create a new community where things can be run with quality user discussions as the paramount objective.
Be seeing you.
Re: (Score:1)
I will work to create a new community where things can be run with quality user discussions as the paramount objective..
Where? I might want to join.
Re:Slashcott! (Score:4, Informative)
Wohoo, two minutes left, I can reply.
http://www.soylentnews.org/wik... [soylentnews.org]
www.soylentnews.org/Forum/
http://webchat.freenode.net/ [freenode.net] channel ##altslashdot.
Out.
Re: (Score:2)
Call me when soylentnews.org points to a news site.
Re: (Score:2)
If the net effect of beta is fucktards like you going elsewhere, it might be a net positive outcome.
Re: (Score:2)
I will be gone for this entire week, in protest.
Same. I hope that we can then see incremental improvements to this site taking into consideration feedback from the users/contributors, and that they can then drop the mentality that we are just eyeballs to put as many advertising dollars in front of. Sadly, I'm not hopeful.
See you in a week, I'm out.
Re: (Score:1)
Begone and good riddence to your vandalizing of channels.
Re: (Score:2)
Re:Slashcott! (Score:5, Interesting)
http://www.diceholdingsinc.com/phoenix.zhtml?c=211152&p=irol-newsArticle&ID=1896508 [diceholdingsinc.com]
Feb. 4, 2014
Recent Developments
Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.
Be seeing you.
Re: (Score:2)
I read that over and over again and I figured out what that paragraph actually means. It means that they are liars. Advertising revenue has declined, so they are claiming that it is zero. Meanwhile, they have grossly overvalued Slashdot, so this lie follows an earlier lie. Send in the clowns [at the SEC!]
Re: (Score:2)
Slashdot is dying. Diceholdings Inc. confirms it.
Re: (Score:1)
>> I will work to create a new community where things can be run with quality user discussions as the paramount objective.
and before long, you will be cashing out too... CmdrTaco did.
oooh the $weet money.
change is the only constant, as someone once said. Dice saw the high-flying twitters and facebooks, and said; hey, how to increase slashdot users, to make more money? how? how? howwww?
all this, is only natural.
Re:Beta Fightback (Score:1)
Whilst I, like every else here, seem to hate the changes being made here, are all the people here who post complaints here totally IT incapable?
If anyone here reads /. using firefox, it doesn't take a huge degree of effort to edit the HTML 'on the fly', and strip out all the offensive code. Has anyone looked at the RSS feed lately? It is abominable!
SOLUTION: Install Stylish [mozilla.org], and voila. Complete control to throw away all the crap.
We probably should set up a community-driven recipe that everyone can download
Re: (Score:1, Redundant)
Using unsigned apps to handle your money? (Score:2)
Brilliant!
OK, I'm assuming here that the app is unsigned. Its interesting that reporters at security news sites don't seem to care.
Doing it the lazy way (Score:2)
Two Step (Score:2)
Any of the big exchanges (and most of the medium sized ones) offer two step authentication. If someone is storing coins online, whether at an exchange or in an online wallet, then two step auth is mandatory.
Seeing how sites can vanish overnight I wouldn't advise using an online wallet anyway. Keep a personal encrypted wallet, and only move coins on to exchanges long enough to do transactions.
OSX/CoinThief ??? (Score:2)
Re: (Score:1)
Re: (Score:3)
Isn't that a bit of a giveaway, if you write a Trojan and call it OSX/CoinThief? I know there are people out there who think people buying Macs do so because they are too stupid to handle real computers, but nobody could possibly think they are stupid enough to install an app called OSX/CoinThief? Is that how the trojan was found? Someone thought the name is a bit suspicious and started looking?
OSX/CoinThief.A is the name the security reseachers gave the trojan. The actual application was called StealthBit.
Re: (Score:2)
Bitcoins? Thank God! (Score:1)
For a moment I thought we were talking about MONEY!
Re: (Score:2)
Re: (Score:2)
A few misguided or otherwise benighted induhviduals who believe Bitcoin is money doesn't make it so.
But Bitcoin is just like currency... (Score:2)
Uh-huh. Sure.
Re: (Score:3)
There are definite negatives to using credit cards, but they have advantages as well.
Re: (Score:2)
Had this been a case of your money being stolen from a real bank you would have several methods of recourse.