A newly discovered malware threat that targets Mac OS X systems has been found embedded in pirated copies of the image editing software GraphicConverter. Known as DevilRobber or Miner-D, this latest piece of malware attempts to steal personal information and uses your machine's GPU to generate Bitcoins, a decentralized digital currency that can be exchanged online by users without the need for an intermediary bank or payment service.
Security vendor Intego says the malware is a combination of a Trojan horse, since it is hidden inside other applications; a backdoor, as it opens ports and can accept commands from command and control servers; a stealer, as it steals data and Bitcoin virtual money; and spyware, as it sends personal data to remote servers.
DevilRobber uses a legitimate mining program called DiabloMiner to generate Bitcoins, but then drains them from the virtual wallet on the user's machine and sends them elsewhere. There have been other cases of malware designed to steal Bitcoin currency, but this is the first Trojan that generates the coins before stealing them. One Bitcoin is currently valued at around US$3.20, and it is a good source of profit for both Bitcoin miners and cybercriminals who steal them.
The process of mining Bitcoins uses significant amounts of processing power, so the malware also reduces a machine's performance while it is operating. In addition, DevilRobber spies on users by taking screen captures and sending them to remote servers. It also attempts to steal usernames and passwords, runs scripts that can copy information from your browsing history and unlocked TrueCrypt data to a dump.txt file, and searches for child pornography cues.
So far, the Trojan has been detected in a torrent download for GraphicConverter version 7.4. It is not known at this time whether other Mac applications available on torrent sites are being bundled with the new malware.
Users are advised to refrain from downloading software from untrusted sources and to use a malware scanner to check their systems. Some recommended malware scanners for the Mac include ClamXav, Sophos, and VirusBarrier.