ESET Warns Mac Users on OSX/CoinMalware: Disguised as Angry Birds and other Popular Apps


ESET, global provider of security solutions for businesses and consumers, warned Mac users not to download pirated software from file-sharing peer-to-peer networks, as ESET researchers have discovered Bitcoin-stealing malware OSX/Coin being spread via cracked apps.


The malware, OSX/Coin thief, was first discovered in February 2014 by researchers at SecureMac, and was found to steal login credentials related to various Bitcoin-related exchanges and wallet sites via malicious browser add-ons.  There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates.

Their researchers found that the malware had been disguised as trojanised versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit and Litecoin Ticker, and distributed through popular download sites including and

However, the malware experts at ESET labs have also seen OSX/CoinThief spread through torrents as cracked versions of the following popular Mac OS X applications:

  • BBEdit – an OS X text editor
  • Pixelmator – a graphics editor
  • Angry Birds – a game of trebuchet-powered temperamental avian bombardment
  • Delicious Library – a media cataloguing application

According to detection statistics gathered by the ESET LiveGrid, the threat is mostly active amongst Mac users based in the United States.


  • Update your anti-virus product, and resist the temptation to download cracked and pirated software.
  • Download apps from Mac App store only