Home Business IT Security Bitcoin miner Trojan arrives for Mac OS X

Trojanised versions of legitimate Mac software steal processing power as well as information.

First, some background. Bitcoin is a digital currency that can be exchanged with 'real world' currencies, though the exchange rates are highly variable.

Generating a Bitcoin is computationally intensive, and those who carry out the necessary calculations are rewarded with a payment in Bitcoins. This process is called 'mining'.

The number of Bitcoins you can earn is limited by your hardware - unless you can persuade or trick other people to run Bitcoin-generating software on their systems for your benefit. And that's what miner malware does.

A miner for Mac OS X has turned up within copies of the popular GraphicConverter program that are being distributed via BitTorrent (according to security company Sophos) and in a small number of additional but unspecified applications according to Intego. Variously named DevilRobber or Miner-D, the malware doesn't only mine Bitcoins.

It also steals a variety of data - depending on the exact variant, some combination of: usernames and passwords (Keychain files), browser (Safari, Firefox) and bash (Terminal) history, the Bitcoin wallet, and information relating to the use of TrueCrypt encryption and the Vidalla TOR plugin for Firefox. And for good measure it takes screenshots.

Intego suggests it also searches for child pornography, though Sophos senior technology consultant Graham Cluley noted that "It's unclear whether this [search for files matching "pthc"] is intended to uncover child abuse material or not (the phrase "pthc" is sometimes used on the internet to refer to pre-teen hardcore pornography)."

So what can you do about it? Find out on page 2.

 

 


The usual advice applies: don't download software from unofficial torrents (not all torrented software is bad, for example there's an official torrent of NeoOffice), and consider the use of antivirus software. Intego points out that DevilRobber gives up if it finds the Little Snitch firewall is present.

If you think you may be a victim but for some reason do not want to install antivirus software (eg, Sophos's free-for-home-use product) to scan your system, you could look inside the application packages of any recently torrented programs for items named DiabloMiner, miner.sh or minerd.

 

HOW TOP MANAGERS MOTIVATE, ENERGISE EMPLOYEES

Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.

 

 

 

 

Connect

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities