UPDATED 11:48 EDT / NOVEMBER 02 2011


DevilRobber Virus Usurps Mac Processing Power to Mine Bitcoins

A new Mac OS Trojan has been caught in the wild, and this time, instead of just stealing sensitive information from infected computers, it also surreptitiously steals processing power from the computer in order to mine bitcoins. Across the Bitcoin community, GPUs are commonly leveraged for their calculation power in order to mine future coins, and many people join mining pools with their computers in order to earn some of the valuable virtual cryptocurrency for themselves.

The Trojan, dubbed DevilRobber, is so named because it packages a Java-based bitcoin miner named DiabloMiner. The malware has been found in the wild, distributed with certain infected BitTorrent downloads including GraphicConverter version 7.4, an image editor for Mac OS X.

“This malware is complex, and performs many operations,” security researchers from Mac antivirus vendor Intego warned. “It is a combination of several types of malware: It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers.”

According to the security blog Naked Security by Sophos, the underlying mechanism of the malware is extremely sophisticated. It takes screenshots of activity on the computer while keylogging in an attempt to steal passwords; it also seeks out information on what encrypted volumes the user might have (such as TrueCrypt); and it even pokes around the hard drive looking for financial information.

Add to this the inclusion of a Bitcoin miner.

It’s obvious that the writers of this program expected that some of the people they might hit would be enthusiasts of cryptography—with the TrueCrypt volume scanning portion—and it’s true that many fans of the cryptocurrency also understand the basics of computer security. Keylogging and attempting to grab cryptographic information means that this Trojan sits nearer the top of the food chain for capturing sensitive information. This is possibly because security-conscious Bitcoin miners will encrypt their wallet.dat files for extra protection.

The capability to distribute processing power for mining Bitcoins into the cloud, combined with the multitude of viruses that infect computers every day, seems like an extremely lucrative avenue for malware programmers. As they’re semi-anonymous, miners embedded in Trojans could be a lot more lucrative than DDoS zombies; however, they would produce constant traffic and system load as they did their mining, which would make them easier to detect.

As always, scan files taken from less-than-reputable sources (that means especially BitTorrent) before executing them on any system. This is not to say it’s the fault of GraphicConverter or BitTorrent directly: one is a legitimate product repurposed by criminals, and the other is essentially a digital swap meet where anything may appear on the tables.

Practice safe downloading and safe computing.

