ESET Issues Warning About Mac Malware Disguised as Cracked Versions of Angry Birds, Pixelmator and Other Top Apps

ESET, the global leader in proactive digital protection, is warning Mac® users not to download pirated software from file-sharing peer-to-peer (P2P) networks in the wake of a new malware discovery. Researchers have discovered Bitcoin-stealing malware called OSX/CoinThief being spread via cracked apps, which are often obtained by overriding Apple’s standard security settings.

The OSX/CoinThief trojan infects computers running the Mac OS X® platform, stealing login credentials related to various Bitcoin exchanges and wallet sites by installing malicious browser add-ons.

ESET malware experts have discovered that CoinThief is being spread via P2P file-sharing networks, disguised as cracked versions of the following popular Mac OS X applications:

  • BBEdit – an OS X text editor
  • Pixelmator – a graphics editor
  • Angry Birds – a game where players use a slingshot to launch birds at their targets
  • Delicious Library – a media cataloguing application

“The hackers behind the CoinThief trojan are trying to cash in on the current Bitcoin craze and fluctuating exchange rates by breaking into users’ digital wallets,” said security researcher Graham Cluley, who wrote about the threat on ESET’s WeLiveSecurity blog. “As ESET’s research team has shown, Mac users who download and install pirated software from torrent sites are not only depriving developers of their rightful income, but are also putting their computers and finances at risk.”

According to detection statistics gathered by the ESET Live Grid, the threat is mostly active amongst Mac users based in the United States. CoinThief was first spotted earlier this month by SecureMac researchers, who found it had been distributed via popular download sites, such as and, disguised as trojanized versions of Bitcoin Ticker TTM (To The Moon), BitVanity, StealthBit and Litecoin Ticker.

ESET researchers strongly recommend that all Mac users protect their computers with an up-to-date anti-virus product and resist the temptation to download cracked and pirated software.

For more information on the CoinThief malware and how to clean infected devices, visit ESET’s WeLiveSecurity blog:

About ESET

ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company has continued to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organizations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. More information is available at the ESET Press Center.