or Connect
AppleInsider › Forums › Software › Mac OS X › New Mac OS X Trojan horse spies, steals and requisitions GPU for Bitcoin mining
New Posts  All Forums:Forum Nav:

New Mac OS X Trojan horse spies, steals and requisitions GPU for Bitcoin mining

post #1 of 45
Thread Starter 
A new Trojan horse hidden in a Mac OS X application can steal sensitive user data and take control of the computers GPU to generate Bitcoins, a form of currency used online.

In a report released on Saturday, security firm Sophos said that DevilRobber, a Trojan horse that can steal sensitive user data, was found hidden inside copies of Graphic Converter 7.4 downloaded from bit-torrent file-sharing sites.

DevilRobber, also known as "OSX/Miner-D," can steal usernames and passwords and is capable of spying on users by taking screenshots of their activity and sending the images online. In addition, the Trojan is able to run scripts that can copy information regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history to a dump.txt file.

The malware has also been found to search for pthc files, a term that is used to describe pre-teen hardcore pornography. It is not known at this time whether one of the secondary features of DevilRobber is to find traces of child abuse on affected computers.

Another unusual feature for the new Trojan is its capability of taking over a Mac's GPU in order to generate Bitcoins, a digital currency that can be used to perform online instant payments without the oversight of a banking authority.

Users generate Bitcoins on personal computers after installing Bitcoin Miner, an application thats compatible with Mac, Windows and Linux systems. Once obtained, Bitcoins are stored in the users digital wallet and can be used for future online payments. Bitcoins can also be exchanged for actual currency with the current exchange rate reportedly valuing one Bitcoin at US$3.20.

In addition to harnessing the power of the GPU to generate more Bitcoins, DevilRobber can also steal the users existing Bitcoin wallet if it finds the appropriate files.

Sophos suggests users be aware of signs that point to a malware attack. For example, a malware attack can result in the slowdown of overall computing performance, with affected users reporting sluggishness as the Trojan steals GPU resources for mining purposes.

In order to avoid unwanted DevilRobber installations, Mac users are advised to refrain from downloading software via untrusted sources, even if they appear to be legitimate. It is not known at this time whether other Mac applications available on torrent sites come bundled with the new Trojan horse.

DevilRobber (OSX/Miner-D) Trojan horse | Source: Sophos

Apple has yet to acknowledge the new threat, though common anti-virus programs are able to detect DevilRobber.

The new malware is the most recent in a wave of programs targeting an increasing number of Mac owners. Apple recently cleared a threat from a non-functional Chinese Trojan horse that disguised itself as a PDF download.

Recently various instances of a different, more advanced malware program emerged. Flashback posed as an Adobe Flash installer, with a later upgraded version programmed to disable the default OS X anti-malware protection thus leaving systems vulnerable to subsequent attacks.
post #2 of 45
Quote:
Originally Posted by AppleInsider View Post

A new Trojan horse distributed as part of existing Mac OS X applications can steal sensitive user data and take control of the computers GPU to generate Bitcoins, a form of currency used online.

This sounds serious.

What is the best antivirus software for Macs? How many people neglect to install it?

Why isn't protection built into the OS? Mac users generally can't be expected to find and install such things. The machine should Just Work.
post #3 of 45
Quote:
Originally Posted by ConradJoe View Post

This sounds serious.

It's not. Stop being a troll. Stop spreading FUD.

Quote:
What is the best antivirus software for Macs?

Little Snitch.

Quote:
How many people neglect to install it?

Everyone intelligent.

Quote:
Why isn't protection built into the OS?

It is. Stop being a troll. Stop spreading FUD.

Quote:
The machine should Just Work.

The trolls should Shut Up.
post #4 of 45
deleted
post #5 of 45
Quote:
Originally Posted by MacRulez View Post

prohibits all other means of putting your software on your Mac other than the Apple AppStore.

I'm all alone there's no one here beside me
post #6 of 45
Quote:
Originally Posted by ConradJoe View Post

This sounds serious.

What is the best antivirus software for Macs? How many people neglect to install it?

Why isn't protection built into the OS? Mac users generally can't be expected to find and install such things. The machine should Just Work.

Things are getting more sophisticated but malware hiding in illegally downloaded applications has existed for years on the Mac. Download anything illegal at your own risk. To be more specific, do not agree to the dialogue box warning you that you about to run a downloaded executable for the first time, do not run an installer, click install or enter your password unless you know it comes from a legitimate source.

There is Sophos which is commercial, there is Clam AV (www.clamav.net) which is opensource (and there is Norton which for years was worse than the malware it was supposed to protect you from).

OS X has a built-in antivirus software that is based on signatures. Most if not all antivirus software on Windows is based on signatures and heuristics, the latter can catch malware that is still unknown, it can however also catch legitimate processes and files (false positives).
post #7 of 45
so basically, another "threat" giving publicity making the PC users go "lol" cause macs gets "virus" too even though it's another trojan that requires a moron user to install it.

Still waiting on an actual threat that doesn't require a user to be an idiot and install it manually by installing flash (i mean seriously, flash using an apple installer? that'll be the day) or bonus anti virus, or pirated software.
post #8 of 45
Quote:
Originally Posted by MacRulez View Post

It will, just as soon as Apple prohibits all other means of putting your software on your Mac other than the Apple AppStore.

Be careful what you wish for....

honestly it's going that way, it's the only way apple can keep dumb users from messing up their computer.

for people who got this new threat. You stole someones software, now someone is stealing from you, what goes around comes around.
post #9 of 45
Quote:
Originally Posted by ConradJoe View Post

Why isn't protection built into the OS?

It is. It's called XProtect.
post #10 of 45
Hmm....starting to hear more and more of these things.
post #11 of 45
Quote:
Originally Posted by Tallest Skil View Post

I'm all alone there's no one here beside me

You're not alone. However, I am still trying to get my brain around the level of stupidity of someone who would actually download a pirated version GraphicConverter. This absolutely wonderful application works without paying the license fee. It is readily downloadable from the Lemkesoft website. What next? Will Sophos find a trojan that demands all of your bank account numbers in a pirated version of iTunes?
post #12 of 45
So, basically. The only people who can be affected by this are morons. That about sums it up.
post #13 of 45
Quote:
Originally Posted by ConradJoe View Post

This sounds serious.

Yeah. People stealing software by using torrent sites is serious

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #14 of 45
Quote:
Originally Posted by Tallest Skil View Post

I'm all alone there's no one here beside me

Nah, I'm watching him too. Twenty-two posts so far today, on eight topics. He's been at it for nearly twelve hours, with a break for two hours.

Or do I misread you?
post #15 of 45
Quote:
Originally Posted by Flaneur View Post

Nah, I'm watching him too. Twenty-two posts so far today, on eight topics. He's been at it for nearly twelve hours, with a break for two hours.

Or do I misread you?

Nope, that's exactly what I'm talking about. Trolls replying to trolls replying to trolls. Ad infinitum.
post #16 of 45
Quote:
Originally Posted by noirdesir View Post

To be more specific, do not agree to the dialogue box warning you that you about to run a downloaded executable for the first time, do not run an installer, click install or enter your password unless you know it comes from a legitimate source.

OS X has a built-in antivirus software that is based on signatures. Most if not all antivirus software on Windows is based on signatures and heuristics, the latter can catch malware that is still unknown, it can however also catch legitimate processes and files (false positives).

I recommend ESET NOD32 to most people who ask. VirusBarrier X, Norton, etc all used to suck on Mac OS, but NOD32 is good. It's nice for running VMs too. Low memory footprint, unobtrusive.
And whomever mentioned Little Snitch from Objective Development, that's a really awesome firewall.
BitDefender is also good at finding stuff, but heavy on resources so I don't recommend it.

For those that don't run AV, I assume you are smart enough to not install things to your Mac that you don't trust.

For the average user who can barely type, AV is essential. Most people just click through UAC on Windows, or they will type their password into the box without reading on OS X.

I use AV because I transfer files a lot across flash drives, which get scanned when they hit my USB port. If I find something on someone else's disk, I get rid of it for them, and tell them to run a scan on their machine.
post #17 of 45
Quote:
Originally Posted by Tallest Skil View Post

Nope, that's exactly what I'm talking about. Sock puppets astro-turfing to trolls replying to sock puppets. Ad infinitum.

tftfy
.
Reply
.
Reply
post #18 of 45
Quote:
Originally Posted by AppleInsider View Post

A new Trojan horse hidden in a Mac OS X application can steal sensitive user data ... was found hidden inside copies of Graphic Converter 7.4 downloaded from bit-torrent file-sharing sites...

This is hilarious.

A Trojan who's main purpose is to steal a form of money no one uses or cares about is hidden inside a program that no one with any brains has used since 1995. It's like they are deliberately trolling for seniors or fools here.

If you are in that minority of people who actually think Graphic Converter is a useful program and are furthermore in the minority of those folks in that want to steal it instead of pay for it, you richly deserve this Trojan.
post #19 of 45
Quote:
Originally Posted by Prof. Peabody View Post

This is hilarious.

A Trojan who's main purpose is to steal a form of money no one uses or cares about is hidden inside a program that no one with any brains has used since 1995. It's like they are deliberately trolling for seniors or fools here.

If you are in that minority of people who actually think Graphic Converter is a useful program and are furthermore in the minority of those folks in that want to steal it instead of pay for it, you richly deserve this Trojan.

Agreed. I think it is a Trojan for OS9, Graphics Converter?...

I am alway concerned the Nortons of this world put out this FUD or worse are behind it.

On this subject AI and MacRumors need to be very careful not to be manipulated.
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
post #20 of 45
It sounds like we are looking at the methods used to dismantle the porn ring by Anonymous. Tor? Porn? Drive encryption? Bitcoins? Sounds like something they would do. They could work up a good rep in the porn ring and seed a release that requires you to install that program (at the same time providing a cracked version, how convienient). Only Anonymous would break the law like that in order to catch the real criminals.
post #21 of 45
Quote:
Originally Posted by Tallest Skil View Post

I'm all alone there's no one here beside me

AI is losing the battle. At the rate it's been going lately - and the apparent editorial laxity - the die-hards might as well give up. I have. The last straw for me was the utterly disgusting, defiling posts on the Mona Simpson story that AI did not even bother to scrub.

Too bad. It had a good thing going even while the gizmodos and the engadgets were losing their way.

Not any more.\
post #22 of 45
Quote:
Originally Posted by Tallest Skil View Post

Nope, that's exactly what I'm talking about. Trolls replying to trolls replying to trolls. Ad infinitum.

That's how they get paid.
post #23 of 45
Quote:
Originally Posted by Tallest Skil View Post

It's not. Stop being a troll. Stop spreading FUD.



Little Snitch.



Everyone intelligent.



It is. Stop being a troll. Stop spreading FUD.



The trolls should Shut Up.

Wow that mentality. I have seen it in teenagers who think very highly of themselves. I still try to find the point where insulting a fellow blogger makes for good medicine. I remember you from a couple of years ago and you still haven't changed. Oh and of course you will try to come up with a creative way to insult me. Thats ok I see the weakness in your personality. I forgive you.
An Apple man since 1977
Reply
An Apple man since 1977
Reply
post #24 of 45
Quote:
Originally Posted by tylerk36 View Post

Wow that mentality. I have seen it in teenagers who think very highly of themselves. I still try to find the point where insulting a fellow blogger makes for good medicine. I remember you from a few years ago and you still haven't changed. Oh and of course you will try to come up with a creative way to insult me. Thats ok I see the weakness in your personality. I forgive you.

*Stereotypical Australian guidesman accent*

"'Ere, look, see wot 'e's done now! We've provoked the nest by proving wrong oll of their a'guments about the actual topic, an' now we see the ad-'ominem attacks comin' out. Pay attention to the beautiful verb'yage in 'is post. This is a defense mechanism to make the poster 'e's quoted appear incorrect about 'is position, denigrate the person in question, and to establish a paper-thin sense of, quote, 'moral superiority'. Textbook case we've got right 'ere, 'aven't we? She's a beauty."
post #25 of 45
Quote:
Originally Posted by Tallest Skil View Post

*Stereotypical Australian guidesman accent*

"'Ere, look, see wot 'e's done now! We've provoked the nest by proving wrong oll of their a'guments about the actual topic, an' now we see the ad-'ominem attacks comin' out. Pay attention to the beautiful verb'yage in 'is post. This is a defense mechanism to make the poster 'e's quoted appear incorrect about 'is position, denigrate the person in question, and to establish a paper-thin sense of, quote, 'moral superiority'. Textbook case we've got right 'ere, 'aven't we? She's a beauty."

Your rally funny. ROFL. Aye.
An Apple man since 1977
Reply
An Apple man since 1977
Reply
post #26 of 45
Quote:
Originally Posted by Tallest Skil View Post

*Stereotypical Australian guidesman accent*

"'Ere, look, see wot 'e's done now! We've provoked the nest by proving wrong oll of their a'guments about the actual topic, an' now we see the ad-'ominem attacks comin' out. Pay attention to the beautiful verb'yage in 'is post. This is a defense mechanism to make the poster 'e's quoted appear incorrect about 'is position, denigrate the person in question, and to establish a paper-thin sense of, quote, 'moral superiority'. Textbook case we've got right 'ere, 'aven't we? She's a beauty."

I have to apologize. I finally figured it out. You behavior is actually a sense of humor. I am not joking. Your actually trying to be really funny. Good Job. I am still laughing. That was so funny it have a belly ache. LOLOL
An Apple man since 1977
Reply
An Apple man since 1977
Reply
post #27 of 45
You will see high fan speeds and extra heat on your machine if you are infected as the bitcoin generation function uses the video card constantly all shaders on.

If you are a bitcoin user make sure you are running the latest bitcoin version with encrypted wallet on, otherwise this trojan will steal all of your bitcoins.
post #28 of 45
Well I payed a lot of money for my MBP and I kind of like it running properly. Apple even has given me a safe a trusted place to download all the apps I know are safe and probably all the apps I want. So I think I am going to d/l a hack from some random torrent I don't see how this could lead to a problem,
post #29 of 45
Quote:
Originally Posted by AppleInsider View Post

A new Trojan horse hidden in a Mac OS X application can steal sensitive user data and take control of the computers GPU to generate Bitcoins, a form of currency used online.

In a report released on Saturday, security firm Sophos said that DevilRobber, a Trojan horse that can steal sensitive user data, was found hidden inside copies of Graphic Converter 7.4 downloaded from bit-torrent file-sharing sites.

DevilRobber, also known as "OSX/Miner-D," can steal usernames and passwords and is capable of spying on users by taking screenshots of their activity and sending the images online. In addition, the Trojan is able to run scripts that can copy information regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history to a dump.txt file.

The malware has also been found to search for pthc files, a term that is used to describe pre-teen hardcore pornography. It is not known at this time whether one of the secondary features of DevilRobber is to find traces of child abuse on affected computers.

Another unusual feature for the new Trojan is its capability of taking over a Mac's GPU in order to generate Bitcoins, a digital currency that can be used to perform online instant payments without the oversight of a banking authority.

Users generate Bitcoins on personal computers after installing Bitcoin Miner, an application thats compatible with Mac, Windows and Linux systems. Once obtained, Bitcoins are stored in the users digital wallet and can be used for future online payments. Bitcoins can also be exchanged for actual currency with the current exchange rate reportedly valuing one Bitcoin at US$3.20.

In addition to harnessing the power of the GPU to generate more Bitcoins, DevilRobber can also steal the users existing Bitcoin wallet if it finds the appropriate files.

Sophos suggests users be aware of signs that may expose that a computer has been affected by malware. For example, a malware attack can result in the slowdown of overall computing performance, with affected users reporting sluggishness as the Trojan steals GPU resources for mining purposes.

In order to avoid unwanted DevilRobber installations, Mac users are advised to not download software from untrusted sources, even if they appear to be legitimate. It is not known at this time whether other Mac applications available on torrent sites come bundled with the new Trojan horse.

DevilRobber (OSX/Miner-D) Trojan horse | Source: Sophos

Apple has yet to acknowledge the new threat, though common anti-virus programs are able to detect DevilRobber.

The new malware is the most recent in a wave of programs targeting an increasing number of Mac owners. Apple recently cleared a threat from a non-functional Chinese Trojan horse that disguised itself as a PDF download.

Recently various instances of a different, more advanced malware program emerged. Flashback posed as an Adobe Flash installer, with a later upgraded version programmed to disable the default OS X anti-malware protection thus leaving systems vulnerable to subsequent attacks.

If you answer your door and let a burglar in to rob you blind, do you blame the landlord for not building a better security system? A fortress cannot protect anyone from stupidity.
post #30 of 45
On a serious note, it's a bit surprising to me that malware has not popped up with increasing frequency yet. There is no such thing as a bulletproof OS. If malware producers put their minds to it, they can definitely find vulnerabilities in OS X.

In fact, it's not just OS X that has seen very few malwares. Windows 7 is seeing relatively fewer infections compared to the *halcyon* days of XP viruses. I wonder if we are reaching a period (even if temporary) when OS makers and security experts have jumped one step ahead of the malware producers.
post #31 of 45
Quote:
Originally Posted by ConradJoe View Post

This sounds serious.

I too am very concerned. I've heard this trojan can actually cause the sky to fall! Everyone should panic immediately!
post #32 of 45
Quote:
Originally Posted by stelligent View Post

On a serious note, it's a bit surprising to me that malware has not popped up with increasing frequency yet. There is no such thing as a bulletproof OS. If malware producers put their minds to it, they can definitely find vulnerabilities in OS X.

In fact, it's not just OS X that has seen very few malwares. Windows 7 is seeing relatively fewer infections compared to the *halcyon* days of XP viruses. I wonder if we are reaching a period (even if temporary) when OS makers and security experts have jumped one step ahead of the malware producers.

Except for the fact this is not a virus. It's social engineering.
post #33 of 45
Quote:
Originally Posted by stelligent View Post

On a serious note, it's a bit surprising to me that malware has not popped up with increasing frequency yet. There is no such thing as a bulletproof OS. If malware producers put their minds to it, they can definitely find vulnerabilities in OS X.

In fact, it's not just OS X that has seen very few malwares. Windows 7 is seeing relatively fewer infections compared to the *halcyon* days of XP viruses. I wonder if we are reaching a period (even if temporary) when OS makers and security experts have jumped one step ahead of the malware producers.

You obviously don't work in IT. It is a bi-daily task to remove malware from windows 7 machines. Users are still the weakest link and still click on shit they shouldn't.

Users circumvent antivirus, anti malware, ad blocking, DNS filtering, they are the bane of It support.

On a plus note, windows 7 is definitely easier to clean than XP was, often times the offending software just needs to be deleted in the same way as the mac Trojans.
post #34 of 45
Quote:
Originally Posted by Mr. Me View Post

You're not alone. However, I am still trying to get my brain around the level of stupidity of someone who would actually download a pirated version GraphicConverter. This absolutely wonderful application works without paying the license fee. It is readily downloadable from the Lemkesoft website. What next? Will Sophos find a trojan that demands all of your bank account numbers in a pirated version of iTunes?

Whah, that's BRILLIANT. I would find that so funny...
/me wonders if making a pirated version of iTunes with a trojan sending money to some nice child-protection non-profit would really turn out that bad

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply
post #35 of 45
Quote:
Originally Posted by Prof. Peabody View Post

This is hilarious.

A Trojan who's main purpose is to steal a form of money no one uses or cares about is hidden inside a program that no one with any brains has used since 1995. It's like they are deliberately trolling for seniors or fools here.

If you are in that minority of people who actually think Graphic Converter is a useful program and are furthermore in the minority of those folks in that want to steal it instead of pay for it, you richly deserve this Trojan.

^ This.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply
post #36 of 45
Quote:
Originally Posted by MysticalOS View Post

so basically, another "threat" giving publicity making the PC users go "lol" cause macs gets "virus" too even though it's another trojan that requires a moron user to install it.

Still waiting on an actual threat that doesn't require a user to be an idiot and install it manually by installing flash (i mean seriously, flash using an apple installer? that'll be the day) or bonus anti virus, or pirated software.

Took the words from my mouth.
Thumbs up and hats off to you.

... at night.

Reply

... at night.

Reply
post #37 of 45
Quote:
Originally Posted by stelligent View Post

On a serious note, it's a bit surprising to me that malware has not popped up with increasing frequency yet. There is no such thing as a bulletproof OS. If malware producers put their minds to it, they can definitely find vulnerabilities in OS X.

In fact, it's not just OS X that has seen very few malwares. Windows 7 is seeing relatively fewer infections compared to the *halcyon* days of XP viruses. I wonder if we are reaching a period (even if temporary) when OS makers and security experts have jumped one step ahead of the malware producers.

I don't think this trojan exploits any flaws. Other than human greed and stupidity at least.

In the short term there is nothing Apple can do against this except be vigilant about updating XProtect. In the future they will just have to push harder to get people to use the app store, and eventually when it's feasible only allow apps to be installed from the App store.

The OS has no way to divine if using your GPU to generate bit coins is something you as a user want to be doing, or something some trojan writer wanted (No matter how stupid generating bit coins is in the first place).
post #38 of 45
its allways funny to see the dei hard mac fans are not worried and new mac users (mostly pc switcher) freak out.
And yes its true most anti viris software creators publish these kind of scare ware apps.
post #39 of 45
Quote:
Originally Posted by Appletosh View Post

And yes its true most anti viris software creators publish these kind of scare ware apps.

Oh, gosh. That thought hadn't even crossed my mind

Do I have too much faith in humanity to do the right thing?
post #40 of 45
Are you truly serious? Graphic Converter, while not a program I have used frequently, does things that are very useful. FFS, it imports something like 200 different file types and it's distributed as a fully functional program prior to being licensed.

Tell me...what lack of mental acuity is required to use this program?
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › New Mac OS X Trojan horse spies, steals and requisitions GPU for Bitcoin mining