OS X Guarded Against OSX/CoinThief Malware via XProtect Update

Trojan disguises itself as Bitcoin Ticker TTM and Litecoin Ticker

February 14th, 2014 09:43 GMT

This week Apple updated XProtect to defend against the two known variants of OSX/CoinThief, a new piece of malware targeting Macintosh computers.

According to SecureMac, “The malware is taking the place of the main binary in the trojanized versions of Bitcoin Ticker TTM and Litecoin Ticker, and is set up to run as an agent with a setting for LSUIElement in the Info.plist file.”

A real copy of the Bitcoin Ticker TTM/Litecoin Ticker main binary is hidden in the app bundle, and the app doesn’t show up in the OS X Dock.

“The first time a user runs the trojanized version of Bitcoin Ticker TTM or Litecoin Ticker, the invisible malware program is launched instead,” according to the security company.

Not surprisingly, Apple on Wednesday updated the XProtect anti-malware mechanism on Macs running OS X 10.7+ to defend against the newly found malware. The change has been noticed only recently.
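The bundle layout SecureMac describes (an agent-mode app via LSUIElement, with a second executable tucked inside the bundle) can be checked for during triage. The sketch below is an added example, not code from Apple, SecureMac or the original article. The function names, the `CODE_DIRS` list, the sample bundle names and the `.spare` location are assumptions, since the article does not say where in the bundle the genuine binary is hidden.

```python
import os, plistlib, tempfile
# Mach-O thin/universal magics, both byte orders (0xCAFEBABE is shared with Java .class).
MAGICS = {bytes.fromhex(h) for h in "feedface feedfacf cefaedfe cffaedfe cafebabe bebafeca".split()}
# Assumption: top-level directories where bundled executable code conventionally lives.
CODE_DIRS = ("MacOS", "Frameworks", "PlugIns", "XPCServices", "Helpers", "Library")

def is_macho(path):
    with open(path, "rb") as f:
        return f.read(4) in MAGICS

def triage_bundle(app):
    """Flag agent-mode bundles that carry Mach-O files in unexpected places."""
    contents = os.path.join(app, "Contents")
    with open(os.path.join(contents, "Info.plist"), "rb") as f:
        info = plistlib.load(f)
    # LSUIElement is stored either as a boolean or as the strings "1"/"YES".
    agent = str(info.get("LSUIElement", "")).lower() in ("true", "1", "yes")
    odd = []
    for root, _, files in os.walk(contents):
        top = os.path.relpath(root, contents).split(os.sep)[0]
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path) or not is_macho(path):
                continue
            if name.startswith(".") or top not in CODE_DIRS:
                odd.append(os.path.relpath(path, contents))
    return {"executable": info.get("CFBundleExecutable"), "agent": agent,
            "unexpected_macho": sorted(odd), "review": agent and bool(odd)}

def build_sample(root, name, agent, spare):
    """Constructed test bundle: 4-byte Mach-O magic plus padding, no real code."""
    app = os.path.join(root, name + ".app")
    for d in ("MacOS", "Resources"):
        os.makedirs(os.path.join(app, "Contents", d))
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as f:
        plistlib.dump({"CFBundleExecutable": name, "LSUIElement": agent}, f)
    for rel in [os.path.join("MacOS", name)] + ([spare] if spare else []):
        with open(os.path.join(app, "Contents", rel), "wb") as f:
            f.write(bytes.fromhex("cffaedfe") + b"\0" * 28)
    return app

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        clean = triage_bundle(build_sample(tmp, "CleanTicker", False, None))
        odd = triage_bundle(build_sample(tmp, "SampleTicker", True, os.path.join("Resources", ".spare")))
        return clean, odd

if __name__ == "__main__":
    print(demo())
```

Many legitimate menu-bar utilities set LSUIElement, so a `review` result is a prompt to inspect the bundle and compare it against the developer's original release, not a verdict.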
