Wednesday, November 2nd 2011

Bitcoin & Password Stealer Trojan For Mac Now Available!

Hot on the heels of our previous story of Apple Macs falling prey to a DDoS trojan, we now have another Mac trojan coming onto the market, as explained by Sophos. Yes, the Apple platform must indeed be becoming popular enough to attract this one. It's an unfortunate fact of life that the popularity of any computing platform, including smartphones, can be judged by the number of criminals who will attack it. This little nasty, called OSX/Miner-D or 'DevilRobber', hijacks Mac OS X to perform various tricks, which include minting Bitcoins (the virtual, and lately nearly worthless, currency), stealing usernames and passwords (of course), taking screenshots, and stealing the victim's Bitcoin wallet while it's at it, if there is one. And for good measure:
it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history.
So now the criminals also know all the sites one has visited, eroding user privacy even more. The other items on that list are not trivial either: .bash_history often contains passwords typed on the command line, and knowing which TrueCrypt volumes exist tells an attacker where the valuable files are kept. (Vidalia, incidentally, is the Tor control GUI rather than a Firefox plugin, but either way its presence marks out a user who cares about anonymity.) It looks like this malware has covered all the bases, but wait, there's more.

It also looks for files matching "pthc", though it's not clear why, as Sophos reports:
Curiously, the Trojan also hunts for any files that match "pthc". It's unclear whether this is intended to uncover child abuse material or not (the phrase "pthc" is sometimes used on the internet to refer to pre-teen hardcore pornography).
This adds a really distasteful twist, doesn't it?

But how does a hapless Mac user know that their machine is infected? One of the first signs is sluggish performance and possibly extra noise from the fan on the graphics card. This is because the trojan harnesses the significant parallel processing power of today's GPUs to perform the Bitcoin mining. Mining is nothing more than computing SHA-256 hashes of a block header over and over, with a different nonce each time, until one falls below the network's target; every attempt is independent of the others, so the work splits perfectly across the hundreds of shader cores in a mid to high end GPU, which can hash roughly one to two orders of magnitude faster than any general purpose CPU, no matter how fast. That is exactly the kind of workload worth hijacking someone else's hardware for, hence this particular trojan. A practical check is to open Activity Monitor and look for an unfamiliar process sitting at a high, sustained CPU percentage while the machine is otherwise idle; a GPU miner will also keep the fans spinning up with no obvious application responsible.
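To make the "mining is just repeated hashing" point concrete, here is a minimal Bitcoin-style proof-of-work loop. This is an added example written for this page; it is not code from the article, from Sophos, or from the DevilRobber trojan, and it makes no attempt to be fast. It uses the real, public Bitcoin genesis block header to show the encoding is right, and a constructed toy header (the `11`/`22` filler hashes and timestamp are made up) with a deliberately easy target so it finishes in well under a second on a CPU. The brute-force search in `mine()` is the part the trojan offloads to the GPU; `verify_block()` shows why checking a solution is cheap while finding one is not.

```python
"""Toy Bitcoin-style proof-of-work (added example, not from the original article).

A block is "mined" by hashing its 80-byte header with SHA-256d (SHA-256 applied
twice) while incrementing a 32-bit nonce until the hash, read as a little-endian
integer, is <= the target.  Each attempt is independent, which is why the work
parallelises so well onto a GPU.
"""
import hashlib
import struct
from typing import Optional, Tuple


def double_sha256(data: bytes) -> bytes:
    """SHA-256d, the hash Bitcoin applies to block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_from_bits(bits: int) -> int:
    """Expand the compact 'nBits' header field into the 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_prefix(version: int, prev_hash_hex: str, merkle_root_hex: str,
                  timestamp: int, bits: int) -> bytes:
    """First 76 bytes of a block header; the miner appends the 4-byte nonce.

    Hashes are displayed big-endian but stored byte-reversed inside the header.
    """
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<II", timestamp, bits))


def hash_as_int(digest: bytes) -> int:
    """Interpret a header hash the way Bitcoin compares it against the target."""
    return int.from_bytes(digest, "little")


def mine(prefix: bytes, target: int, start_nonce: int = 0,
         max_tries: int = 1 << 32) -> Optional[Tuple[int, bytes, int]]:
    """Brute-force nonces until SHA-256d(header) <= target.

    Returns (nonce, digest, attempts), or None if the nonce range is exhausted.
    Expected attempts are about 2**256 / target; this loop is the miner's hot path.
    """
    attempts = 0
    for nonce in range(start_nonce, min(start_nonce + max_tries, 1 << 32)):
        digest = double_sha256(prefix + struct.pack("<I", nonce))
        attempts += 1
        if hash_as_int(digest) <= target:
            return nonce, digest, attempts
    return None


def verify_block(prefix: bytes, nonce: int, bits: int) -> bool:
    """Checking a claimed solution costs exactly one hash."""
    digest = double_sha256(prefix + struct.pack("<I", nonce))
    return hash_as_int(digest) <= target_from_bits(bits)


# Real Bitcoin genesis block header fields (public, fixed data), used as a
# known-answer test for the header encoding above.
GENESIS_BITS = 0x1D00FFFF
GENESIS_NONCE = 2083236893
GENESIS_PREFIX = header_prefix(
    version=1,
    prev_hash_hex="00" * 32,
    merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505,
    bits=GENESIS_BITS,
)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"


def genesis_hash_hex() -> str:
    """Published block hashes are the byte-reversed SHA-256d of the header."""
    digest = double_sha256(GENESIS_PREFIX + struct.pack("<I", GENESIS_NONCE))
    return digest[::-1].hex()


if __name__ == "__main__":
    print("genesis header hashes correctly:", genesis_hash_hex() == GENESIS_HASH)
    # Constructed toy block: bits=0x1f00ffff means roughly 1 in 65536 hashes wins,
    # so this takes tens of thousands of hashes rather than the real network's billions.
    easy_bits = 0x1F00FFFF
    toy_prefix = header_prefix(2, "11" * 32, "22" * 32, 1320192000, easy_bits)
    nonce, digest, attempts = mine(toy_prefix, target_from_bits(easy_bits))
    print(f"found nonce {nonce} after {attempts} hashes: {digest[::-1].hex()}")
```

The loop body is two SHA-256 compressions and a 256-bit compare with no shared state between iterations, which is why a miner simply hands each GPU thread its own nonce range and why a CPU-only machine running this in the background becomes sluggish while contributing comparatively little.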

The trojan unsurprisingly comes as a payload within pirated software downloaded from unofficial sources. In this instance it has been found in a tampered copy of the image editing application GraphicConverter v7.4, but it is sure to be embedded in more dodgy downloads, along with improved [sic] versions of it, eventually. We wish to stress that the software house which sells GraphicConverter is innocent and is as much a victim as the unscrupulous user who downloads the hooky version. The obvious lesson is that a torrent-site download is an unverifiable binary from an unknown party; buying the application from the vendor is the only way to get a copy that nobody has had the chance to modify on the way.

This malware is obviously relatively sophisticated, judging by the number of nefarious functions it performs. It could not have been trivial to write, test and debug, and so took significant time and resources from the criminals who wrote it. They just wouldn't do that for a platform with insignificant market share, which is great for Apple fans (the market share, not the malware). However, it's odd how this infection could happen in the first place, given how many hardcore Apple Mac fans know their machines are so secure and bulletproof that they don't need any security software...

55 Comments on Bitcoin & Password Stealer Trojan For Mac Now Available!

#1
reverze
Wouldn't have happened on Windows.
#2
kid41212003
Doesn't this sound like Anonymous's doing?

If I remember correctly, they have an anti-child-pornography movement going on.
#3
qubit
Overclocked quantum bit
by: reverze
Wouldn't have happened on Windows.
Indeed it wouldn't, because most Windows users know to run security software, or it comes bundled when they get a new PC.
#4
Easy Rhino
Linux Advocate
This kind of thing will happen.
#5
Kreij
Senior Monkey Moderator
by: qubit
Indeed it wouldn't, because most Windows users know to run security software, or it comes bundled when they get a new PC.
Baloney. Malware is malware and people will fall prey to it on any OS if they take no precautions.

It's interesting that this is targeted at the Apple OS though.
#6
Scheich
Can't you just turn up the turbo a bit more on the Mac fans? I would like that :laugh:
#7
qubit
Overclocked quantum bit
by: Kreij
Baloney. Malware is malware and people will fall prey to it on any OS if they take no precautions.

It's interesting that this is targeted at the Apple OS though.
Well yeah, of course it happens lots to PCs, I'm just having a dig at the misplaced smugness of Apple users. This is becoming a really satisfying "I told you so!" moment for all those in Mac land who are in denial over the security of their computers. :D
#8
newtekie1
Semi-Retired Folder
So is Apple still taking the stand of denying Malware exists on Macs and refusing to help their customers with it?
#9
Halk
If anything Appletards should be proud of this. It's testament to the success of their prison err walled garden OS that it's now economical to design malware for it.
#10
entropy13
This is just propaganda spread by the jealous and mindless in their sorry attempts to sully the purity of Macs. Such acts further reinforce the undisputed superiority of Macs and the Holy Apple over the non-believers and heathens. It is with a heavy heart however that we have to contend with such lies spouted by the ignorant masses in their vain attempt to lower our magnificent Macs down to their levels of vulnerability. Glory to Apple! Glory to Macs! Death to the spreaders of lies!
#11
Wrigleyvillain
PTFO or GTFO
You guys are idiots.

And I wanna be a News guy too so I can push my agenda around here as well.
#12
wickerman
I really hate looking like the guy defending Apple at every turn, but so many sites are reporting this news as some kind of failing of apple security rather than the more sophisticated nature of new malware developed for bitcoin mining. Some sites are failing to point out that this same malware has been developed to run not only on OSX, but also on Windows, Linux, and even Solaris.

To make out that this is an issue that exists solely with OSX is not only false, but fails to inform so many potential victims of the nature of this malware. In fact I think PC users here are at greater risk, given that most of us run higher end systems than what Apple systems are equipped with. Our GTX 580s are going to provide several times as much processing power as the mobile GPUs used in various Mac products today or in previous generations. Someone looking to exploit my systems would certainly be making a hell of a lot more money out of my GTX 580/2600K box than they would out of my 320M/1.86 Core 2 Duo equipped MacBook Air... especially given the fact that my PC runs 24/7 while my laptop is only on for work.

And while I don't agree with Apple's policy to deny the real threat of malware and trojans on their OS, to say they are unhelpful is really to say they are realistic. If your Linux box gets infected who do you call? If your windows box gets infected, do you really call Microsoft? Yes they offer the Windows Security Essentials as a free optional download, and may help you run it...but to what end is your support? If you have to reinstall windows, do you think Microsoft is going to give you a new windows key? Do you think they will call Dell for you and have them send out a support tech or have them issue you a new pc? Get real, if your system gets infected you are pretty much on your own to solve the problem. Each OS has software you can run to detect and remove malware and trojans and most of them do not ship with the OS, are not enabled by default, or are not as powerful as commercial software you might buy or even free software you might use.

It is said by everyone, every time a new form of malware/trojan/virus/exploit appears on the radar: a system is only as secure as its user allows it to be. Many of these systems exploit vulnerabilities not in the OS itself, but often in 3rd party programs like Flash, Java, etc. that you give admin rights to.
#13
Fx
by: wickerman
To make out that this is an issue that exists solely with OSX is not only false, but fails to inform so many potential victims of the nature of this malware.
Reread the Title:
"Bitcoin & Password Stealer Trojan For Mac Now Available!"

This doesn't by any means define 'solely'.

Maybe if Mac fans didn't want to be the joke of unfortunate attacks they would think twice before making such bold claims of their OSes being secure...

In my book... one good turn deserves another...
#14
phanbuey
this is some awesome exploit code... I wish I knew how to do all that.

Anyways, who cares, Apple or Windows... someone out there is smarter than you and they will one day make your Facebook-enabled fridge steal all your shit, and your web-capable pantry pee in your Cheerios. Apple or not, the moral of this story is you're f*(%ed.
#15
theJesus
The other day, my sister told me she wanted a Mac because they don't get viruses :shadedshu . . .

I replied, "FALCON PUNCH!" and beat some sense into her.
#16
phanbuey
by: theJesus
The other day, my sister told me she wanted a Mac because they don't get viruses :shadedshu . . .

I replied, "FALCON PUNCH!" and beat some sense into her.
Did you tell her about the fridge being able to roofie her Zima?
#17
WarraWarra
So a lame cloud OSX on lame primitive hardware that is sold for eight times the price of equivalent hardware because of a half-eaten apple logo that is somehow supposed to justify the price.

Now they have this? I presume Apple users found this way to start rebelling and maybe "French Revolution, off with Apple Management heads" about their useless hardware / bug OSX "eat cloud to the hungry".
Apple knows they are the next BlackBerry of PC + OS manufacturers and busy fading in importance. Would not put it past them to create this in-house just to stay relevant.

Come to think of it, I have a brand new Apple MacBook Pro lying around here somewhere; 4 weeks and I have not unboxed it, huh.
Thank god I was not stupid enough to pay for it, someone else did and was.
#18
[H]@RD5TUFF
But everyone knows Macs are immune to this... :laugh:
#19
nINJAkECIL
I'm not surprised to see this kind of news.
I'm more surprised by the fact that this trojan uses GPU power, and I'd be even more surprised if Sophos happens to have a vaccine.
#22
laszlo
All PCs are immune to malware and viruses as long as you don't turn them on, so Apple's next move should be to ask their customers to turn them all off and problem solved.
#23
Fx
by: pr0n Inspector
It's funny how qubit cited Ars for the bitcoin article but didn't notice this:

Researchers discover zero-day Windows exploit in Duqu virus

Duqu: Status Updates Including Installer with Zero-Day Exploit Found


Agenda much?

* it's even on Sophos
http://nakedsecurity.sophos.com/2011/11/02/new-zero-day-windows-kernel-vulnerability-associated-with-duqu-trojan/
how are people getting it twisted?

I found it pretty obvious that the point of this article isn't that Windows isn't vulnerable to these types of attacks, because all of us here know they are. The point is that Macs are susceptible to these attacks and many ignorant fanboys are just now finding out after bragging and proclaiming for years that they aren't...
#24
pr0n Inspector
by: Fx
how are people getting it twisted?

I found it pretty obvious that the point of this article isn't that Windows isn't vulnerable to these types of attacks, because all of us here know they are. The point is that Macs are susceptible to these attacks and many ignorant fanboys are just now finding out after bragging and proclaiming for years that they aren't...
No, I mean why this news from days ago was posted just now but another piece of news that is more relevant to Windows users here, more recent and on the front pages of those same sites is ignored.
#25
Haytch
Anyone that assumes that the Mac OSX is invulnerable, deserves to own it.
It's like having unsafe sex constantly, of course you deserve a virus.

Granted, software-based anti-virus applications are far from perfect, but a warning is all that should be required. At the end of the day, it's still up to the individual to proceed or not. Surfing the internet with no protection is silly. Using the internet unprotected for personal banking and such is idiotic. Some people can't be taught, some people are learning; long term Windows-based users have already learnt their lesson.

Changing lanes whilst driving without indicating is silly. Driving at twice+ the speed limit and taking corners like it's all a video game is idiotic. Some people can't be taught, some people are learning, I REFUSE TO DRIVE ANY OTHER WAY!!!

Personally, I KNOW that every single internet banking style transaction is recorded, especially your details lol. It's the frame of mind I prefer to take. My risks are better calculated.

Steve Jobs should have told the truth before he died. DIED!