Watch out! Mac malware spread disguised as cracked versions of Angry Birds, Pixelmator and other top apps

Next story

ESET®, the global leader in proactive digital protection, today warn Mac users not to download pirated software from file-sharing peer-to-peer networks, as ESET researchers have discovered Bitcoin-stealing malware being spread via cracked apps.
The OSX/CoinThief trojan infects computers running Mac OS X, stealing login credentials related to various Bitcoin exchanges and wallet sites by installing malicious browser add-ons.
ESET malware experts have revealed that CoinThief is now being spread via P2P file-sharing networks, disguised as cracked versions of the following popular Mac OS X applications:

  • BBEdit – an OS X text editor
  • Pixelmator – a graphics editor
  • Angry Birds – a game of trebuchet-powered temperamental avian bombardment
  • Delicious Library – a media cataloguing application

“The hackers behind the CoinThief trojan are trying to cash in on the current Bitcoin craze and fluctuating exchange rates by breaking into users’ digital wallets,”
said security researcher Graham Cluley, who wrote about the threat on ESET’s We Live Security blog.
“As ESET’s research team has shown, mac users who download and install pirated software from torrent sites are not only depriving developers of their rightful income, but putting their computers and finances at risk.”

According to detection statistics gathered by the ESET LiveGrid, the threat is mostly active amongst Mac users based in the United States.
CoinThief was first spotted earlier this month by SecureMac researchers, who found it had been distributed via popular download sites such as and, disguised as trojanised versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit and Litecoin Ticker.
Whether you’re a Bitcoin-enthusiast or not, Mac users are strongly recommended to protect their computers with an up-to-date anti-virus product, and to resist the temptation to download cracked and pirated software.
Visit ESET’s WeLiveSecurity blog to read more information on OSX/CoinThief, and for instructions for cleaning up infected devices.

About ESET

ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organizations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. More information is available via About ESET and Press Center.