ESET security professionals warn that the malware is being distributed through torrents. In addition to Angry Birds, cybercriminals have disguised OSX/CoinThief as various popular Mac OS X apps such as BBEdit, Pixelmator, and Delicious Library. "There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates," security expert Graham Cluley stated on ESET's WeLiveSecurity blog.
Once the malware is executed, OSX/CoinThief installs a web browser extension and monitors the victim's web traffic. An additional component that runs in the background checks for wallet login credentials and sends the information to the attackers. The malicious web extension is called "Pop-Up Blocker." If this extension is present in your Mac's web browser, you're probably infected. Another way to find out if you're infected with OSX/CoinThief is to open Activity Monitor in the Utilities folder and look for a process called com.google.softwareUpdateAgent. This process is created by OSX/CoinThief.
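The two checks described above can also be scripted from Terminal. This is an added example, not code from ESET or the original article; the Chrome and Safari extension directories and the idea of matching the extension name in a manifest.json or .safariextz file name are assumptions, while the process and extension names come from the article.

```shell
#!/bin/sh
# Added example: look for the two OSX/CoinThief indicators named in the article.
IOC_PROCESS="com.google.softwareUpdateAgent"   # process name from the article
IOC_EXTENSION="Pop-Up Blocker"                 # extension name from the article

# Reads a process listing on stdin (one command path per line) and succeeds
# only if some command's basename is exactly the indicator name.
has_ioc_process() {
    awk -v ioc="$IOC_PROCESS" '
        { sub(/[ \t]+$/, ""); sub(/.*\//, "") }
        $0 == ioc { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Prints every file under directory $1 that looks like the indicator extension:
# a manifest.json whose "name" is the indicator, or a .safariextz archive with
# that file name (assumed layouts, see the lead-in).
find_ioc_extensions() {
    [ -d "$1" ] || return 0
    find "$1" -type f \( -name manifest.json -o -name '*.safariextz' \) 2>/dev/null |
    while IFS= read -r f; do
        case $f in
            *"/$IOC_EXTENSION.safariextz") printf '%s\n' "$f" ;;
            */manifest.json)
                if grep -Eq "\"name\"[ ]*:[ ]*\"$IOC_EXTENSION\"" "$f"; then printf '%s\n' "$f"; fi ;;
        esac
    done
    return 0
}

# Runs both checks against the current user's session; returns 1 on any hit.
scan_host() {
    hits=0
    if ps -axo comm= | has_ioc_process; then
        echo "FOUND process: $IOC_PROCESS"; hits=1
    fi
    for root in "$HOME/Library/Application Support/Google/Chrome" \
                "$HOME/Library/Safari/Extensions"; do   # assumed locations
        found=$(find_ioc_extensions "$root")
        if [ -n "$found" ]; then printf 'FOUND extension:\n%s\n' "$found"; hits=1; fi
    done
    [ "$hits" -eq 0 ] && echo "Neither indicator from the article was found"
    return "$hits"
}

if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Run it with `--scan` to check the logged-in user; a clean result only means these two names were not seen, since the process name is matched exactly and the extension by its displayed name.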