Wednesday, November 2nd 2011
Bitcoin & Password Stealer Trojan For Mac Now Available!
Hot on the heels of our previous story of Apple Macs falling prey to a DDoS trojan, we now have another Mac trojan on the market, as explained by Sophos. Yes, the Apple platform must indeed be becoming more popular to get this one. It's an unfortunate fact of life that the popularity of any computing platform, including smartphones, can be judged by the number of criminals who will attack it. This little nasty, called OSX/Miner-D or 'DevilRobber', hijacks Mac OS X to perform various tricks, which include minting Bitcoins (the virtual and now virtually worthless currency), stealing usernames and passwords (of course), taking screenshots and, if there is one, stealing the victim's Bitcoin wallet while it's at it. And for good measure, Sophos reports that:
"it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history."
So now the criminals also know about all the sites one has visited, eroding user privacy even more. It looks like this malware has covered all the bases, but wait, there's more. It also looks for files matching "pthc", though it's not clear why, as Sophos reports:
"Curiously, the Trojan also hunts for any files that match "pthc". It's unclear whether this is intended to uncover child abuse material or not (the phrase "pthc" is sometimes used on the internet to refer to pre-teen hardcore pornography)."
This adds a really distasteful twist, doesn't it?
But how does a hapless Mac user know that their machine is infected? One of the first signs is sluggish performance and possibly extra noise from the fan on the graphics card. This is because the trojan harnesses the significant power available in today's GPUs to perform the Bitcoin mining. For embarrassingly parallel work such as the repeated SHA-256 hashing that Bitcoin mining consists of, a mid to high end GPU can outperform any general purpose CPU, no matter how fast, by one to two orders of magnitude, which is exactly why the criminals went after the graphics card rather than the CPU. (This does not hold for cryptography in general; it is the brute-force, trivially parallel nature of mining that suits a GPU.)
The trojan, unsurprisingly, comes as a payload within pirated software downloaded from unofficial sources. In this instance it's been found in a hooky copy of the image editing application GraphicConverter v7.4, but is sure to be embedded in more dodgy software, along with "improved" versions of it, eventually. We wish to stress that the software house which sells GraphicConverter is innocent and is as much a victim as the unscrupulous user who downloads the hooky version.
This malware is obviously relatively sophisticated, judging by the number of nefarious functions it performs. This means that it could not have been trivial to write, test and debug, and so took significant time and resources from the criminals who wrote it. They just wouldn't do that for a platform with insignificant market share, which is great for Apple fans (the market share, not the malware). However, it's odd how this infection could happen in the first place, given how many hardcore Apple Mac fans know their machines are so secure and bulletproof that they don't need any security software...
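The two symptoms the article gives a user to go on (a machine that is suddenly slow, and a dump.txt file full of harvested TrueCrypt, Vidalia, Safari history and .bash_history details) can both be checked with a small triage script. The following is an added example, not code from the article or from Sophos. It assumes the dump file is written somewhere under the directory you scan (the article does not say where the trojan puts it), that two or more of the listed indicators in one dump.txt are enough to call it suspect (an assumed threshold, so a user's own scratch file that mentions one of them is not flagged), and that `ps -Ao pid,pcpu,comm` prints the column layout macOS uses.

```python
#!/usr/bin/env python3
"""Triage helper for the OSX/Miner-D indicators described above.

Added example, not Sophos's or the article's code.  It checks:
  1. any file named dump.txt whose contents mention the data the trojan is
     reported to collect (TrueCrypt, Vidalia, Safari history, .bash_history);
  2. processes burning a large share of CPU, the "sluggish machine" symptom.
"""
import os
import re
import subprocess
from typing import Dict, List, Tuple

# Strings the trojan is reported to record in dump.txt (from the Sophos
# description quoted in the article).  The regexes are our own guesses at
# how those items would appear in the file.
DUMP_MARKERS: Dict[str, "re.Pattern[str]"] = {
    "truecrypt": re.compile(r"truecrypt", re.I),
    "vidalia": re.compile(r"vidalia", re.I),
    "safari_history": re.compile(r"safari|History\.plist", re.I),
    "bash_history": re.compile(r"\.bash_history"),
}


def dump_markers(text: str) -> List[str]:
    """Return the names of the indicators found in a candidate dump file."""
    return [name for name, rx in DUMP_MARKERS.items() if rx.search(text)]


def find_suspect_dumps(root: str, min_markers: int = 2) -> List[Tuple[str, List[str]]]:
    """Walk `root` for files named dump.txt and keep those that match at
    least `min_markers` indicators.  `min_markers=2` is an assumed threshold."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != "dump.txt":
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "r", errors="replace") as fh:
                    found = dump_markers(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if len(found) >= min_markers:
                hits.append((path, found))
    return hits


def cpu_hogs(ps_output: str, threshold: float = 50.0) -> List[Tuple[int, float, str]]:
    """Parse `ps -Ao pid,pcpu,comm` text and return (pid, %cpu, command) for
    every process at or above `threshold` percent CPU, highest first.  The
    command column may contain spaces, so only the first two fields are split."""
    hogs = []
    for line in ps_output.splitlines()[1:]:  # first row is the header
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        try:
            pid, pcpu = int(parts[0]), float(parts[1])
        except ValueError:
            continue
        if pcpu >= threshold:
            hogs.append((pid, pcpu, parts[2]))
    return sorted(hogs, key=lambda h: h[1], reverse=True)


def live_cpu_hogs(threshold: float = 50.0) -> List[Tuple[int, float, str]]:
    """Run ps on the local machine and apply cpu_hogs() to its output."""
    out = subprocess.run(["ps", "-Ao", "pid,pcpu,comm"],
                         capture_output=True, text=True, check=True).stdout
    return cpu_hogs(out, threshold)


if __name__ == "__main__":
    import sys
    scan_root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for path, found in find_suspect_dumps(scan_root):
        print(f"suspect dump: {path} ({', '.join(found)})")
    for pid, pcpu, comm in live_cpu_hogs():
        print(f"high CPU: pid {pid} {pcpu:.1f}% {comm}")
```

Run it as `python3 triage.py ~` and treat any hit as a reason to pull the full process list and file timestamps by hand; a miner that has been renamed to look like a system daemon still shows up in the CPU column, which is why the script reports on load rather than on a process name the page does not give.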
55 Comments on Bitcoin & Password Stealer Trojan For Mac Now Available!
If I remember correctly, they have an anti child pornography movement going on.
It's interesting that this is targeted at the Apple OS though.
prisonerr walled garden OS that it's now economical to design malware for it. And I wanna be a News guy too so I can push my agenda around here as well.
To make out that this is an issue that exists solely with OSX is not only false, but fails to inform so many potential victims of the nature of this malware. In fact I think PC users here are at greater risk, given that most of us run higher end systems than what Apple systems are equipped with. Our GTX 580s are going to provide several times as much processing power as the mobile GPUs used in various Mac products today or in previous generations. Someone looking to exploit my systems would certainly be making a hell of a lot more money off my GTX 580/2600K box than they would out of my 320M/1.86 Core 2 Duo equipped MacBook Air...especially given the fact that my PC runs 24/7 while my laptop is only on for work.
And while I don't agree with Apple's policy to deny the real threat of malware and trojans on their OS, to say they are unhelpful is really to say they are realistic. If your Linux box gets infected who do you call? If your windows box gets infected, do you really call Microsoft? Yes they offer the Windows Security Essentials as a free optional download, and may help you run it...but to what end is your support? If you have to reinstall windows, do you think Microsoft is going to give you a new windows key? Do you think they will call Dell for you and have them send out a support tech or have them issue you a new pc? Get real, if your system gets infected you are pretty much on your own to solve the problem. Each OS has software you can run to detect and remove malware and trojans and most of them do not ship with the OS, are not enabled by default, or are not as powerful as commercial software you might buy or even free software you might use.
It is said by everyone, every time a new form of malware/trojan/virus/exploit appears on the radar: a system is only as secure as its user allows it to be. Many of these systems exploit vulnerabilities not in the OS itself, but often in 3rd party programs like Flash, Java, etc. that you give admin rights to.
"Bitcoin & Password Stealer Trojan For Mac Now Available!"
This doesn't by any means define 'solely'.
Maybe if Mac fans didn't want to be the joke of unfortunate attacks they would think twice before making such bold claims of their OSes being secure...
in my book... one good turn deserves another...
Anyways, who cares, Apple or Windows... someone out there is smarter than you and they will one day make your Facebook-enabled fridge steal all your shit, and your web-capable pantry pee in your Cheerios. Apple or not, the moral of this story is you're f*(%ed.
I replied, "FALCON PUNCH!" and beat some sense into her.
Now they have this? I presume Apple users found this way to start rebelling and maybe "French Revolution, off with Apple Management heads" about their useless hardware / buggy OSX "eat cloud to the hungry"
Apple knows they are the next BlackBerry of PC + OS manufacturers and busy fading in importance. Would not put it past them to create this in-house just to stay relevant.
Come to think of it, I have a brand new Apple MacBook Pro lying around here somewhere; 4 weeks and I have not unboxed it, huh.
Thank god I was not stupid enough to pay for it, someone else did and was.
I'm more surprised by the fact that this trojan uses GPU power, and I'm even more surprised if Sophos happens to have a vaccine.
Researchers discover zero-day Windows exploit in Duqu virus
Duqu: Status Updates Including Installer with Zero-Day Exploit Found
Agenda much?
* it's even on Sophos
nakedsecurity.sophos.com/2011/11/02/new-zero-day-windows-kernel-vulnerability-associated-with-duqu-trojan/
I found it pretty obvious that the point of this article isn't that Windows isn't vulnerable to these types of attacks, because all of us here know they are. The point is that Macs are susceptible to these attacks and many ignorant fanboys are just now finding out after bragging and proclaiming for years that they aren't...
It's like having unsafe sex constantly, of course you deserve a virus.
Granted, software based anti-virus applications are far from perfect, but a warning is all that should be required. At the end of the day, it's still up to the individual to proceed or not. Surfing the internet with no protection is silly. Using the internet unprotected for personal banking and such is idiotic. Some people can't be taught, some people are learning, long term Windows based users have already learnt their lesson.
Changing lanes whilst driving without indicating is silly. Driving at twice+ the speed limit and taking corners like it's all a video game is idiotic. Some people can't be taught, some people are learning, I REFUSE TO DRIVE ANY OTHER WAY!!!
Personally, I KNOW that every single internet banking style transaction is recorded, especially your details lol. It's the frame of mind I prefer to take. My risks are better calculated.
Steve Jobs should have told the truth before he died. DIED!