
New Mac OS X Trojan horse hijacks GPU, steals user data

A new Trojan horse hidden in a Mac OS X application can steal sensitive user data and take control of the computer’s GPU to generate Bitcoins, a form of currency used online.

In a report released on Saturday, security firm Sophos said that DevilRobber, a Trojan horse that can steal sensitive user data, was found hidden inside copies of Graphic Converter 7.4 downloaded from BitTorrent file-sharing sites.

DevilRobber, also known as "OSX/Miner-D," can steal usernames and passwords and is capable of spying on users by taking screenshots of their activity and sending the images online. In addition, the Trojan is able to run scripts that can copy information “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history” to a dump.txt file.

The malware has also been found to search for “pthc” files, a term that is used to describe pre-teen hardcore pornography. It is not known at this time whether one of the secondary features of DevilRobber is to find traces of child abuse on affected computers.

Another unusual feature for the new Trojan is its capability of taking over a Mac's GPU in order to generate Bitcoins, a digital currency that can be used to perform online instant payments without the oversight of a banking authority.

Users generate Bitcoins on personal computers after installing Bitcoin Miner, an application that’s compatible with Mac, Windows and Linux systems. Once obtained, Bitcoins are stored in the user’s digital wallet and can be used for future online payments. Bitcoins can also be exchanged for actual currency with the current exchange rate reportedly valuing one Bitcoin at US$3.20.

In addition to harnessing the power of the GPU to generate more Bitcoins, DevilRobber can also steal the user’s existing Bitcoin wallet if it finds the appropriate files.

Sophos suggests users be aware of signs that point to a malware attack. For example, a malware attack can result in the slowdown of overall computing performance, with affected users reporting sluggishness as the Trojan steals GPU resources for mining purposes.

In order to avoid unwanted DevilRobber installations, Mac users are advised to refrain from downloading software via untrusted sources, even if they appear to be legitimate. It is not known at this time whether other Mac applications available on torrent sites come bundled with the new Trojan horse.


DevilRobber (OSX/Miner-D) Trojan horse | Source: Sophos

Apple has yet to acknowledge the new threat, though common anti-virus programs are able to detect DevilRobber.

The new malware is the most recent in a wave of programs targeting an increasing number of Mac owners. Apple recently cleared a threat from a non-functional Chinese Trojan horse that disguised itself as a PDF download.

Various instances of a different, more advanced malware program have also emerged recently. “Flashback” posed as an Adobe Flash installer, and a later, upgraded version was programmed to disable the default OS X anti-malware protection, leaving systems vulnerable to subsequent attacks.



45 Comments

conradjoe 14 Years · 1887 comments

Quote:
Originally Posted by AppleInsider

A new Trojan horse distributed as part of existing Mac OS X applications can steal sensitive user data and take control of the computer's GPU to generate Bitcoins, a form of currency used online.

This sounds serious.

What is the best antivirus software for Macs? How many people neglect to install it?

Why isn't protection built into the OS? Mac users generally can't be expected to find and install such things. The machine should Just Work.

tallest skil 15 Years · 43086 comments

Quote:
Originally Posted by ConradJoe

This sounds serious.

It's not. Stop being a troll. Stop spreading FUD.

Quote:
What is the best antivirus software for Macs?

Little Snitch.

Quote:
How many people neglect to install it?

Everyone intelligent.

Quote:
Why isn't protection built into the OS?

It is. Stop being a troll. Stop spreading FUD.

Quote:
The machine should Just Work.

The trolls should Shut Up.

tallest skil 15 Years · 43086 comments

Quote:
Originally Posted by MacRulez

…prohibits all other means of putting your software on your Mac other than the Apple AppStore.

I'm all alone… there's no one here beside me…

noirdesir 21 Years · 1027 comments

Quote:
Originally Posted by ConradJoe

This sounds serious.

What is the best antivirus software for Macs? How many people neglect to install it?

Why isn't protection built into the OS? Mac users generally can't be expected to find and install such things. The machine should Just Work.

Things are getting more sophisticated but malware hiding in illegally downloaded applications has existed for years on the Mac. Download anything illegal at your own risk. To be more specific, do not agree to the dialogue box warning you that you are about to run a downloaded executable for the first time, do not run an installer, click install or enter your password unless you know it comes from a legitimate source.

There is Sophos which is commercial, there is Clam AV (www.clamav.net) which is open source (and there is Norton which for years was worse than the malware it was supposed to protect you from).

OS X has a built-in antivirus software that is based on signatures. Most if not all antivirus software on Windows is based on signatures and heuristics, the latter can catch malware that is still unknown, it can however also catch legitimate processes and files (false positives).