Security researchers at Securelist have found that the data “stolen” from Mark Karpeles’ computer actually contained a BTC-stealing Trojan that masqueraded as a back-end app for managing Mt.Gox trades. The app searched user directories for Bitcoin-related files – wallet.dat and bitcoin.conf – and uploaded them to a server that is now defunct.