Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A Mac OS X trojan is emptying Bitcoin digital wallets.
The DevilRobber malware was bundled in several Mac applications distributed over BitTorrent including a Mac OS X image editing application called GraphicConverter version 7.4
Once on a machine, the malware attempts to steal the Bitcoin virtual currency, Sophos consultant Graham Cluley said.
Bitcoin was created in 2009 and is a form of virtual currency that can be transferred anonymously from person to person online without going through a bank.
It was accepted by some online merchants and can be traded for dollars at online currency exchanges, such as Mtgox.com.
DevilRobber also uses infected Macs to perform “Bitcoin mining,” a way of earning the virtual currency by using a machine's computational power and open-source software to solve cryptographic problems.
The malware attempts to steal usernames and passwords and spy on users by taking screen shots, Cluley said.
The trojan is not particularly widespread at the moment, as it has only been seen in a handful of Mac apps on torrent sites, researchers at security firm Intego said in a blog post Friday. Overall, the malware is complex and performs several different operations.
“It is a combination of several types of malware: It is a trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command-and-control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is spyware, as it sends personal data to remote servers,” Intego researchers wrote.
When the malware-laden program is launched, a script looks for a network traffic blocker, called LittleSnitch. If LittleSnitch is found on the machine, the program terminates.
In June, a trojan identified as Infostealer.Coinbit was propagating in the wild and targeting Bitcoin digital wallets installed on Windows computers.
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.