DevilRobber Trojan hijacks Macs for Bitcoin mining, steals data, spreads via pirated software

A new, wickedly complex species of Mac malware, dubbed DevilRobber, is spreading on BitTorrent file-sharing sites inside copies of a Mac OS X image editing app called GraphicConverter version 7.4. Security firm Sophos blogged that the legitimate Apple program comes with an extra hidden 'bonus' for Bitcoin miners, since DevilRobber (OSX/Miner-D) will hijack a Mac's GPU (Graphics Processing Unit) to generate Bitcoins, the digital currency.


The antivirus firm Intego wrote, "This malware is complex, and performs many operations. It is a combination of several types of malware: it is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers."

If the network traffic blocker "Little Snitch" is found, DevilRobber terminates. Otherwise, this Mac malware will take screen captures, record usernames and passwords, and hunt for hardcore child porn, Safari browsing history, TrueCrypt data and Vidalia Firefox plugin Tor data. Sophos added, "To complete the assault - if the malware finds the user's Bitcoin wallet it will also steal that." Then DevilRobber launches on port 34522 and uploads the data to a remote server. Meanwhile it steals a Mac's GPU processing power to generate Bitcoins.

It's true enough that Bitcoin has had a rough time, even though the peer-to-peer digital currency was once labeled by Launch as "the most dangerous project we've ever seen" and it had the potential to "topple governments, destabilize economies and create uncontrollable global bazaars for contraband." Some said it was the currency backing Anonymous and AntiSec hackers. LulzSec did receive Bitcoin donations. Since it requires massive electricity to generate Bitcoins, cops mistook the power consumption for that of a pot farm operation and busted Bitcoin miners earlier this year. Then Bitcoin underwent a hellish week of hack, heist, trojan and a crash before the bottom fell out.

There was some hope that geeks and hackers could save Bitcoin, but when Bitcoin Miner was recently asked for advice on setting up an inexpensive mining operation, the miners responded:

The revenue from mining is now for nearly all miners below the cost of their electricity. That means it is cheaper to purchase Bitcoins at market than it is to mine them - assuming you are paying for electricity. Put more clearly - mining at the current price levels is currently a money-losing proposition for nearly all participants. Adding hardware at this time for economic reasons is purely a speculative play.

Perhaps stealing those power-hungry computing resources appeals more to cybercrooks than purchasing a Bitcoin mining rig sold by miners bailing out and liquidating?

While Apple has not yet acknowledged the new Mac DevilRobber threat, AppleInsider noted, it recently squashed a "non-functional Chinese Trojan horse that disguised itself as a PDF download." Mac users are increasingly being targeted by cybercrooks, for example with "VMware-aware malware" like the Flashback Trojan, which disabled automatic XProtect updates, and with Mac malware that was disguised as a PDF document. Adobe fixed the Flash flaw that allowed malicious attackers to turn on an iSight webcam and Mac microphone to secretly spy on users. Yet another piece of Mac malware was developed by "lazy hackers" who repurposed an "ancient Linux Trojan" to attack Macs. As was warned at the end of last year, lazy cybercriminals would be hiring in 2011 and would also "go green" by reusing, renaming, and recycling malware source code.

Software piracy may not cost you your soul, but pirated software is often tainted with backdoors and other nasty 'bonuses'. So a pirated copy of GraphicConverter 7.4 laced with DevilRobber is likely the culprit if your Mac is running sluggishly. If that is the case, you probably like Mac programs for free, and Sophos conveniently offers an anti-virus Mac Home Edition for the low, low price of nada, nothing, zero, zilch.

Copyright © 2011 IDG Communications, Inc.