Home / malwarePDF  


First posted on 18 March 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Coinstealer.

Explanation :

The Trojan targets both Windows and Mac OS X computers

Windows computers
When the Trojan is executed, it creates the following files: %Temp%\TibanneSocket.exe%Temp%\revsecurity.dll
The Trojan then searches for the following files: C:\Documents and Settings\All Users\Application Data\Bitcoin\bitcoin.confC:\Documents and Settings\All Users\Application Data\Bitcoin\wallet.dat
Mac OS X computers
The Trojan searches for the following files: /Library/Application Support/Bitcoin/bitcoin.conf/Library/Application Support/Bitcoin/wallet.dat
Both operating systems
The Trojan then sends these files to the following remote locations: [http://][REMOVED][http://][REMOVED]
The Trojan then deletes itself from Windows computers.

Last update 18 March 2014