Malware Mines for Currency, Steals Data

Wednesday, November 2, 2011 @ 06:11 PM gHale


DevilRobber, or Miner-D, is the latest piece of malware targeting Mac OS X systems. It attempts to steal personal information and uses a machine’s GPU to generate Bitcoins, a decentralized digital currency that users can exchange online without the need for an intermediary bank or payment service.

The malware is a combination of a Trojan horse, since it hides inside other applications; a backdoor, as it opens ports and can accept commands from command and control servers; a stealer, as it steals data and Bitcoin virtual money; and spyware, as it sends personal data to remote servers, said researchers at security vendor Intego.


DevilRobber uses a legitimate mining program called DiabloMiner to generate Bitcoins, but then sucks them out of the virtual wallet on the user’s machine to send elsewhere. There have been other cases of malware designed to steal Bitcoin currency, but this is the first Trojan that generates them first. One Bitcoin is currently valued at $3.20, and it is a good source of profit for Bitcoin miners and cybercriminals who steal them.

The process of mining Bitcoins uses significant amounts of processing power, thus it will also reduce a machine’s performance while operating. In addition, DevilRobber spies on users by taking screen captures and sending them to remote servers.

The malware also attempts to steal usernames and passwords, runs scripts that can copy information from a browsing history and unlocks TrueCrypt data to a dump.txt file, and searches for child pornography cues.

So far, the Trojan has been found in a torrent download for GraphicConverter version 7.4. No one knows yet whether other Mac applications available on torrent sites are infected with the new malware.


