Trojan.Coinstealer
First posted on 18 March 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Coinstealer.
Explanation:
The Trojan targets both Windows and Mac OS X computers.
Windows computers
When the Trojan is executed, it creates the following files:
%Temp%\TibanneSocket.exe
%Temp%\revsecurity.dll
The Trojan then searches for the following files:
C:\Documents and Settings\All Users\Application Data\Bitcoin\bitcoin.conf
C:\Documents and Settings\All Users\Application Data\Bitcoin\wallet.dat
Mac OS X computers
The Trojan searches for the following files:
/Library/Application Support/Bitcoin/bitcoin.conf
/Library/Application Support/Bitcoin/wallet.dat
Both operating systems
The Trojan then sends these files to the following remote locations:
[http://]82.118.242.145/cgi-bin/conf[REMOVED]
[http://]82.118.242.145/cgi-bin/sync[REMOVED]
The Trojan then deletes itself from Windows computers.
Last update 18 March 2014