DevilRobber Trojan Makes Bitcoins, Steals Data

Intego is warning Mac OS X users of a new Trojan horse app, dubbed DevilRobber, that uses their computers to generate Bitcoin virtual money, and also steals their personal data.

“This malware is complex, and performs many operations. It is a combination of several types of malware,” the computer security company said. “It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers.”

The malware is also performing what’s known as Bitcoin mining, which is “a way of defrauding the Bitcoin virtual money service by making calculations and generating Bitcoins,” according to Intego.

DevilRobber is showing up in third-party Mac apps on BitTorrent sites and, once installed, looks for the user’s Safari web browsing history, copies their Bitcoin wallet if they have one, attempts to capture passwords and other data, and transmits the information to remote servers.

Just like other Trojan horse malware apps, DevilRobber is easy to avoid simply by downloading apps from the developer’s website and other trusted sources such as Apple’s Mac App Store.

Looks like Intego posted this on Friday. Has Mac OS X’s built-in malware-definition list been updated to deal with it?


Now there’s malware that surreptitiously generates BitCoins?  Seriously?
If the malware writers have reached the point where it’s worthwhile to do something that mundane, then the production costs and ease of use for malware kits have hit the mass market levels.
That’s adding insult to injury.

For reference, the BitCoin system is set up to generate new coins if you successfully run a large batch of computations on a prescribed data set.  It’s very compute-intensive, but it’s part of the original BitCoin design.  The only real fraud on that end is the use of a BotNet to do all the calculations for them, instead of being limited to their own machines.

