Bitcoin miner Trojan arrives for Mac OS X

Stephen Withers
Monday, 31 October 2011 08:38

Business IT - Security

Trojanised versions of legitimate Mac software steal processing power as well as information.

First, some background. Bitcoin is a digital currency that can be exchanged with 'real world' currencies, though the exchange rates are highly variable.

Generating a Bitcoin is computationally intensive, and those who carry out the necessary calculations are rewarded with a payment in Bitcoins. This process is called 'mining'.

The number of Bitcoins you can earn is limited by your hardware - unless you can persuade or trick other people to run Bitcoin-generating software on their systems for your benefit. And that's what miner malware does.

A miner for Mac OS X has turned up within copies of the popular GraphicConverter program that are being distributed via BitTorrent (according to security company Sophos) and in a small number of additional but unspecified applications according to Intego. Variously named DevilRobber or Miner-D, the malware doesn't only mine Bitcoins.

It also steals a variety of data - depending on the exact variant, some combination of: usernames and passwords (Keychain files), browser (Safari, Firefox) and bash (Terminal) history, the Bitcoin wallet, and information relating to the use of TrueCrypt encryption and the Vidalla TOR plugin for Firefox. And for good measure it takes screenshots.

Intego suggests it also searches for child pornography, though Sophos senior technology consultant Graham Cluley noted that "It's unclear whether this [search for files matching "pthc"] is intended to uncover child abuse material or not (the phrase "pthc" is sometimes used on the internet to refer to pre-teen hardcore pornography)."

So what can you do about it? Find out on page 2.