Security Market Segment LS
Monday, 31 October 2011 09:38

Bitcoin miner Trojan arrives for Mac OS X

By

Trojanised versions of legitimate Mac software steal processing power as well as information.

First, some background. Bitcoin is a digital currency that can be exchanged with 'real world' currencies, though the exchange rates are highly variable.

Generating a Bitcoin is computationally intensive, and those who carry out the necessary calculations are rewarded with a payment in Bitcoins. This process is called 'mining'.

The number of Bitcoins you can earn is limited by your hardware - unless you can persuade or trick other people to run Bitcoin-generating software on their systems for your benefit. And that's what miner malware does.

A miner for Mac OS X has turned up within copies of the popular GraphicConverter program that are being distributed via BitTorrent (according to security company Sophos) and in a small number of additional but unspecified applications according to Intego. Variously named DevilRobber or Miner-D, the malware doesn't only mine Bitcoins.

It also steals a variety of data - depending on the exact variant, some combination of: usernames and passwords (Keychain files), browser (Safari, Firefox) and bash (Terminal) history, the Bitcoin wallet, and information relating to the use of TrueCrypt encryption and the Vidalla TOR plugin for Firefox. And for good measure it takes screenshots.

Intego suggests it also searches for child pornography, though Sophos senior technology consultant Graham Cluley noted that "It's unclear whether this [search for files matching "pthc"] is intended to uncover child abuse material or not (the phrase "pthc" is sometimes used on the internet to refer to pre-teen hardcore pornography)."

So what can you do about it? Find out on page 2.

 

 


The usual advice applies: don't download software from unofficial torrents (not all torrented software is bad, for example there's an official torrent of NeoOffice), and consider the use of antivirus software. Intego points out that DevilRobber gives up if it finds the Little Snitch firewall is present.

If you think you may be a victim but for some reason do not want to install antivirus software (eg, Sophos's free-for-home-use product) to scan your system, you could look inside the application packages of any recently torrented programs for items named DiabloMiner, miner.sh or minerd.

 

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments