StealthBit, an apparently legitimate Bitcoin stealth address app that has been advertised on Reddit and posted to GitHub, is actually a malicious piece of OS X software capable of stealing your Bitcoins, and does so by installing a covert extension that then goes about surveying your Web browser’s activity.
Recently discovered by OS X security research firm SecureMac, the Trojan, which has been doing the rounds for a few weeks, first really rose to prominence when Reddit user trevorscool advertised it over on the Bitcoin subreddit. The post linked to his GitHub account where unwitting users could download the open-source utility, but the penny quickly dropped when /r/Bitcoin become inundated with complaints from angry users that their Bitcoin wallets had been cleaned out.
The app operates under the guise that can send and receive anonymous Bitcoin payments, but unfortunately, the only sending being done is by the “OSX/CoinThief.A.” Trojan, pushing your Bitcoins straight over to treverscool (thomasrevor on GitHub, before he was removed completely from the site).
The way it works is fairly simple. You download StealthBit, the Trojan secretly installs extensions into Chrome, Safari, and possibly Firefox without your knowledge, and trawls through browser data in an attempt to find anything related to Bitcoin sites. Specifically, it seeks out your login credentials, and once it finds them, you’re at very high risk of losing your accumulation of Bitcoins for good.
Worryingly, the Trojan can also send back usernames and UUIDs to the servers of StealthBit, which means that even after your Bitcoin wallet has been compromised, you’re still potentially susceptible to further loss.
The extensions installed by StealthBit operate under the guise of “Pop-Up Blocker,” and if you happen to have installed the app, make sure promptly you delete it, along with the extensions, and report the issue to Apple.
This isn’t the first time an app posted up on Reddit has been discovered as a Bitcoin-stealing utility, either. Last year, many users were stung by BitVanity, an OS X app that readily cleaned out Bitcoin wallets, and with this more recent activity, Bitcoin miners will have to remain vigilant and skeptical of any app they can just pluck from GitHub without any real prior knowledge.
Apple has yet to release a statement on the matter, but we’d expect some kind of response in the immediate future.