Wednesday, November 2nd 2011
Bitcoin & Password Stealer Trojan For Mac Now Available!
Hot on the heels of our previous story of Apple Macs falling prey to a DDoS trojan, we now have another Mac trojan come on the market, as explained by Sophos. Yes, the Apple platform must indeed be becoming more popular to get this one. It's an unfortunate fact of life that the popularity of any computing platform, including smartphones, can be judged by the number of criminals who will attack it. This little nasty, called OSX/Miner-D or 'DevilRobber', hijacks Mac OS X to perform various tricks, which include minting Bitcoins (the virtual and now virtually worthless currency), stealing usernames and passwords (of course), taking screenshots and stealing the victim's Bitcoin wallet while it's at it, if there is one. And for good measure:
it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history.
So, now the criminals also know about all the sites one has visited, eroding user privacy even more. It looks like this malware has covered all the bases, but wait, there's more.
Additionally, it also looks for files matching "pthc", but it's not clear why, as Sophos reports:
Curiously, the Trojan also hunts for any files that match "pthc". It's unclear whether this is intended to uncover child abuse material or not (the phrase "pthc" is sometimes used on the internet to refer to pre-teen hardcore pornography).
This adds a really distasteful twist, doesn't it?
But how does a hapless Mac user know that their machine is infected? One of the first signs is sluggish performance and possibly extra noise from the fan on the graphics card. This is because the trojan harnesses the significant power available in today's GPUs to perform the Bitcoin mining. A mid- to high-end GPU can actually outperform any general-purpose CPU, no matter how fast, by several orders of magnitude, which is very important when performing any cryptographic functions that require a lot of processing power, hence this particular hijack.
The trojan unsurprisingly comes as a payload within pirate software downloaded from unofficial sources. In this instance it's been found in the image editing application GraphicConverter v7.4, but is sure to be embedded in more dodgy software, along with improved [sic] versions of it, eventually. We wish to stress that the software house which sells GraphicConverter is innocent and is as much a victim as the unscrupulous user who downloads the hooky version.
This malware is obviously relatively sophisticated, judging by the number of nefarious functions it performs. This means that it could not have been trivial to write, test and debug, and therefore took significant time and resources from the criminals who wrote it. They just wouldn't do that for a platform with insignificant market share, which is great for Apple fans (the market share, not the malware). However, it's odd how this infection could happen in the first place, given how many hardcore Apple Mac fans know their machines are so secure and bulletproof that they don't need any security software...
55 Comments on Bitcoin & Password Stealer Trojan For Mac Now Available!
sooner or later you're going to be Dinner for something
TAKE THAT MAC !
Did you know how much of a big deal Stuxnet was?
No really mate, I get what you want to say, yet you should take into account that qubit didn't say the trojan ONLY hit Mac OS systems. So there's nothing wrong in what he's written.
What is this, bloody Engadget/Gizmodo?
and this OSX/Miner-D is obviously OS X only.
The name wasn't from his own imagination btw, that's the name Sophos (or someone else associated) gave to the trojan.
More info can be found here for those who don't know about it.
The point of the article is to get Mac users out of their smug self-delusions of superiority regarding security of their platform and wake up to the malware threats, which are increasing as the Mac becomes more popular.
You need to get off your high horse a bit, open your eyes and check your assumptions, before you start accusing people of what you think is true. A lot of people here want you to get over your smug "what I believe is right" bias that you lace your articles with. Why don't you write a story on that?
I sounded harsh there, but that is the type of wording that you used in your post to reference other people. It's not right. Think, those of us who use macs AND are smug a$$h*les are douches, that is true - but so are you in sinking to that level. I would hate to see a good writer go to waste because he chose to think like an idiot.
I don't assume that all Mac users are smug pricks, you're obviously not and I applaud that. :) However, I've spoken with a lot of Mac users over the years and one of the things I've noticed is how they just love to accuse PCs of being "infested" with malware and how supposedly secure their Macs are. This was tosh then and is tosh now. I've been using Windows since the Windows 95 era and I've never had a problem with malware. I obviously practice safe computing practices to have ensured this and I've never had more than perhaps three or four infections in all that time, despite all the security holes in the various versions of Windows. Mac users need to start doing this too now your platform is a bit more popular.
Besides, it's not only me saying this (the misplaced smug attitude). The Sophos article was also making my points about this myth of invulnerability and I felt it was a very good point.
EDIT
Just realised, it was yourself who said I think Mac users are smug pricks and I ended up using that term in my post back to you. I actually think calling someone a "prick" is very insulting and only fit for people who really deserve it. I don't think Mac users in denial deserve that at all, so while I think they're smug, I don't think they're pricks.
It's only a matter of time before malware for macs becomes more and more prevalent to the point where it becomes necessary for macs needing to install antivirus as well but personally I don't think that will matter to the general public depending on the future products of Apple.
Apple products are vanity items to the many everyday users otherwise we would not get these people who buy an ACER laptop and slap an apple sticker over the logo they received with their iPod.
Keep looking classy and sleek apple and it's a win/win.
This is my natural style of journalism and it's one of those things that's like Marmite, some love it, while some hate it. If I went all unbiased, it would piss off all the readers that like my style (and me too) so I can't win! lol
The best way to read my articles is with a large dose of irony. :D Believe it or not, there's humour in between the lines. :p
Anyway, relating to the story, bitcoin stealing is not all that hard. Copying a 1mb file? Ok easy. Getting it to you somehow, ehh tougher, but FTP makes it easy as you don't have to alert the user to what you are doing, and it is built into most modern OS's.
However, the post is what ultimately gave away the "The point of the article is to get Mac users out of their smug self-delusions of superiority..." While you didn't say all you didn't really have to. If that is how you really feel, then I feel bad for you - because you are wasting your time. You will get those people out of their smugness. You're trying to prove to someone who is stupid that they are stupid.
It's like me telling PC users that them getting viruses is not windows' fault but theirs "well f*)($ im gonna go get a mac because they NEVER get viruses." - Er... ok.
Anyways, good story - sorry if I was a bit harsh, your stuff is really good save for the occasional lapse in objectivity.
I really really don't think all Mac users are like that - nothing is that black and white and it's very stupid to think so. I can't be any clearer than that.
You have a point about one side trying to convince the other, nicely put. ;)
Have I ever got my hands dirty using a Mac?
Oops, I did it again! :eek: j/k Remember that dose of irony...
10-15 years ago I used a Mac SE at work for simple spreadsheeting. I loved the cute all-in-one shape, it was very well built, ran quite nicely and I liked using it. They had a more modern colour one there too (Performa range perhaps? The memory fades) but I seem to remember the apps on that being quite unstable and had a habit of disappearing from the screen in an insta-crash. :shadedshu Those are the only times I ever used a Mac to any great extent. So, what's my favourite platform? Hint: it's not the PC.
Back in the 80s and 90s (qubit shows his quantum age) I was into Acorn computers in a big way. They were fantastic and powerful machines for their time, except that unlike Apple, Acorn had a habit of failing in the market :rolleyes: and I eventually went over to the dark side Windows when that platform became too glaringly untenable. However, it was this same company that created the incredibly successful ARM processor! I've programmed the ARM processor myself in assembly language and this baby's a beauty, I can tell you. :rockout:
EDIT Now there's irony! :toast:
He decided to post a news article about macs getting a virus because mactards have their comps shoved so far up their ass and think it and they are more superior to windows users. This is great news because you never hear of anything like this going on for a mac.
On the other hand, yeah a new virus is released for windows. Big fucking deal. That's old news. Happens everyday and we all come to expect it. It's not every day, or even once a year you hear something like this happening to a mac.
Why do people give qubit so much shit for the news he posts anyway? I honestly don't know how he puts up with some of you people.
- Because I do this as a spare time hobby, same as you posting on here when you have a minute to spare, therefore I can't cover everything happening in the PC world
- News posts take a surprisingly long time to write. Especially for a grammar nazi perfectionist like me :laugh:
- I post what I happen to come across, think will be relevant to TPU and I find interesting. I find articles like this particularly interesting...
- Sometimes btarunr sneaks up on me and snaps up the article I was thinking of covering. I have told him several times now to use his time machine and look into the future to see what I would have posted, but he won't listen. tsk :shadedshu
- If you see any news you'd like to see covered, send me a PM. If I publish it, I'll give you credit for the lead in post 2
And yeah, crash is right, how could I resist a juicy story about a Mac trojan?! :D Thanks dude. :toast: I simply put on my best flame-repellent suit and face the angry mob. :laugh: I think it may need an upgrade soon, though. ;)
Article Title
The title of the news article could be construed that the trojan is something you want because it suggests that the malware is "now available." If you actually read the article you understand that the title is a "tongue-in-cheek" play on words and is not condoning getting the malware in any way, shape or form. A news article's title should draw the reader's attention by making them curious about the content, otherwise people will just peruse the headlines.
Stereotypes
In my 30 years of working in IT, I have not run across all that many "smug" Apple users, but all but one I've ever met have been delusional (or at best oblivious) about the security and reliability (crashing) of their Mac(s). The one honest guy who worked in graphics arts stated, "We work with almost exclusively Macintosh computers. Shit crashes occasionally just like any other Windows PC." One of our current sales guys who uses a Mac laptop simply states, "Macs don't get viruses because it's impossible to write them." :shadedshu
Qubit's Opinions
Every single one of the 2 million+ posts on this forum is someone's opinion. Opinions generate discussion and make for lively threads. People are not used to seeing the opinions in the news article itself, but why should opinions be delegated to responding posts only? (Quick Tip : They're not, Bta does it too, he's just more subtle ;) ) People say that they don't like opinions in news, but they sure have no problem posting their opinion .. do they? IMO, these news articles have made TPU more fun and interesting without sacrificing the hard news because they are "in addition to" the hard news, not replacing or even supplanting it.
Just my 2 cents ... Carry On.