Home / malware
First posted on 18 March 2014.
There are no other names known for Trojan.Coinstealer.
The Trojan targets both Windows and Mac OS X computers
When the Trojan is executed, it creates the following files: %Temp%\TibanneSocket.exe%Temp%\revsecurity.dll
The Trojan then searches for the following files: C:\Documents and Settings\All Users\Application Data\Bitcoin\bitcoin.confC:\Documents and Settings\All Users\Application Data\Bitcoin\wallet.dat
Mac OS X computers
The Trojan searches for the following files: /Library/Application Support/Bitcoin/bitcoin.conf/Library/Application Support/Bitcoin/wallet.dat
Both operating systems
The Trojan then sends these files to the following remote locations: [http://]22.214.171.124/cgi-bin/conf[REMOVED][http://]126.96.36.199/cgi-bin/sync[REMOVED]
The Trojan then deletes itself from Windows computers.
Last update 18 March 2014