New Mac OS X Trojan horse spies, steals and requisitions GPU for Bitcoin mining


A new Trojan horse distributed as part of existing Mac OS X applications can steal sensitive user data and take control of the computer’s GPU to generate Bitcoins, a form of currency used online.

In a report released on Saturday, security firm Sophos said that DevilRobber, a Trojan horse that can steal sensitive user data, was found hidden inside copies of GraphicConverter 7.4 downloaded from BitTorrent file-sharing sites.

Once downloaded and opened, DevilRobber, also known as "OSX/Miner-D," can steal usernames and passwords and is capable of taking screenshots of users’ activity and sending the images online. In addition, the Trojan is able to run scripts that can copy information “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history” to a dump.txt file.

The malware has also been found to search for “pthc” files, a term that is used to describe pre-teen hardcore pornography. It is not known at this time whether one of the secondary features of DevilRobber is to find traces of child abuse on affected computers.

Another unusual feature of the new Trojan is its ability to take over the Mac’s GPU in order to generate Bitcoins, a digital currency that can be used to make instant online payments without the oversight of a banking authority.

Users generate Bitcoins on personal computers after installing Bitcoin Miner, an application that’s compatible with Mac, Windows and Linux systems. Once obtained, Bitcoins are stored in the user’s digital wallet and can be used for future online payments. Bitcoins can also be exchanged for actual currency, with the current exchange rate reportedly at US$3.20 per Bitcoin.

In addition to harnessing the power of the GPU to generate more Bitcoins, DevilRobber can also steal the user’s existing Bitcoin wallet if it finds the appropriate files.

One of the obvious signs that suggest the machine has been affected is a slowdown of overall computing performance. Users will reportedly notice sluggishness as the Trojan uses GPU resources for mining purposes.

In order to avert unwanted DevilRobber installations, Mac users are advised not to download software from untrusted sources, even if they appear to be legitimate. It is not known at this time whether other Mac applications available on torrent sites come bundled with the new Trojan horse.

Image: DevilRobber (OSX/Miner-D) Trojan horse | Source: Sophos

Apple has yet to acknowledge the new threat, though common anti-virus programs are able to detect DevilRobber.

DevilRobber is the most recent in a wave of malware attacks targeting an increasing number of Mac owners. Apple recently cleared a threat from a non-functional Chinese Trojan horse that disguised itself as a PDF download.

Recently, various instances of a different, more advanced malware program emerged. “Flashback” posed as an Adobe Flash installer, with a later upgraded version programmed to disable the default OS X anti-malware protection, leaving systems vulnerable to subsequent attacks.