DevilRobber OS X Malware Mines for Bitcoins While Stealing Your Data

The new piece of malware will steal anything it can find

By on October 29th, 2011 10:31 GMT

Certain torrents that should contain legitimate Mac OS X applications were found to serve a copy of OSX/Miner-D, a new piece of malware that eats up all your resources to take part in a Bitcoin mining pool.

According to Graham Cluley, the threat, also known as DevilRobber was spotted alongside a Mac image editing app that's made available on popular file sharing services.

The first clue that gives away the presence of the malware is the fact that an infected system will start consuming a lot of resources without the user running any pretentious programs. That happens because the Trojan will steal most part of the resources supplied by the computer's GPU to solve Bitcoin blocks.

It's not uncommon for Bitcoin mining bots to use the GPU to fulfill their tasks, but it's the first time when they target Macs.

Besides using your device as a mining unit, the malicious element will also take screenshots of your system in the attempt to procure any sensitive information you might type while surfing the web. To make sure nothing is left of your computing power, it also runs a script that copies data such as browser history and bash history to a text file.

In addition, if you own a Bitcoin wallet, the money hungry Trojan will make sure to steal that as well.

Unfortunately for Mac users, they are faced with a malevolent virus that will try anything to earn its master as much money as it can and because it's new, an outdated virus definition databases will probably not look at it as a threat.

“Clearly, Mac users - like their Windows cousins - should practice safe computing and only download software from official websites and legitimate download services. But, in addition to that, it's becoming clearer every week that Mac users need to take malware protection more seriously by running anti-virus software,” reveals Cluley.

Comments