• New Macintosh Trojan Dangerous Processing Power Thief [Yawn]

    Yup... another one.

    So recently, two big trojans were discovered by Sophos, a security company. One of them attacked and shut down your Apple Anti-Malware system, and one of them used your computer as a virtual tank that could shoot down websites with the power of DDoS from a remote control source. Now there's another one to be careful of. A new Mac OS X Trojan has been found which steals a video/graphics card's processing power to create Bitcoins. I know what a lot of you are going to ask. What's a Bitcoin?

    Basically it's electronic currency. You can buy things online with them, or share money using them.

    So.. it's a trojan that gives me virtual money? Where can I get it?
    No. It doesn't give you virtual money. It steals virtual money and there is absolutely nothing to gain from it. You don't want to get it.

    This malware is complex, and performs many operations. It is a combination of several types of malware: It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers.
    The trojan is called OSX/Miner-D or DevilRobber. It's an advanced infection that fits more malware categories than just trojan. As Intego reported, it is not only a trojan but also a backdoor, stealer, and spyware. The infection can be caught using Intego Antivirus for Mac. On the infected computer it installs DiabloMiner, which is a legitimate Bitcoin miner (see video to understand what this is).

    So.. why the sudden interest in Bitcoins?
    Bitcoins are pretty valuable little hashes. They are virtual currency, so it's obvious why hackers want to get their hands on them. They are an easy pickpocket. "One Bitcoin is currently valued at around $3.20," (Macworld) which is a great profit to be made. Collecting $3.20 per pop will add up quickly and definitely sparks interest for malicious hackers. Bitcoins aren't only good for criminal hackers but also for legitimate users. Since a user can transfer Bitcoins, they are a virtual means of money and like any other form of currency they add up.

    So.. you've rambled on about Bitcoins, but what does the trojan actually do?
    The trojan makes use of your GPU to create Bitcoins, even in the background. The GPU or graphics processing unit (the graphics/video card) is used to buffer graphics faster using either your RAM or its own built-in dedicated memory. Because this trojan uses your GPU, your computer will become much hotter during use, and you will also notice slower gaming graphics rendering, video buffering, and image loading. In order to make use of the GPU, it also has to use your CPU or central processing unit (the processor of your computer). The trojan drags down your performance and renders your machine hot and sluggish; the same thing that would happen if you tried running a video game and compiling video in Final Cut Pro at the same time.

    Just a little warm.. that's it?
    No, not really. It's more than a trojan. It's also spyware. Graham Cluley, a Sophos senior technology consultant, explained how the little infection can also "spy on you by taking screen captures and stealing your usernames and passwords" in the background of whatever you are doing. So not only are the cyber thieves making a pocketful of Bitcoins, but they also get to see everything you're doing and enter all of your accounts (including banking), which opens the door to even more money or confidential information. Cluley also says, "In addition, it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and .bash_history."
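
    A defender's triage for the two artifacts named above (the DiabloMiner miner and the dump.txt file), as an added example that is not from Sophos, Intego or the original post. It assumes the miner's name shows up in the process command line and that a collection file mentions the data sources Cluley lists; the sample `ps` output is constructed.

```python
import os
import re

# Names taken from the article: the DiabloMiner miner and the dump.txt file.
MINER_NAME = re.compile(r"diablominer", re.IGNORECASE)
DUMP_NAME = "dump.txt"
# Assumption: a collection file mentions the data sources the article lists.
DUMP_HINTS = ("truecrypt", "vidalia", "safari", ".bash_history")

# Constructed sample of `ps -axo pid,pcpu,command` output (not real malware data).
SAMPLE_PS = """\
  PID  %CPU COMMAND
  101   0.3 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  412  97.5 /usr/bin/java -jar DiabloMiner.jar
  530  91.0 /Applications/Final Cut Pro.app/Contents/MacOS/Final Cut Pro
"""

def flag_processes(ps_text, cpu_threshold=80.0):
    """Return (pid, reason) for miner-named or sustained high-CPU processes."""
    findings = []
    for line in ps_text.splitlines():
        parts = line.split(None, 2)  # command may contain spaces
        if len(parts) != 3:
            continue
        try:
            pid, cpu, cmd = int(parts[0]), float(parts[1]), parts[2]
        except ValueError:
            continue  # header or malformed row
        if MINER_NAME.search(cmd):
            findings.append((pid, "miner-name"))
        elif cpu >= cpu_threshold:
            findings.append((pid, "high-cpu"))  # needs review, may be legitimate
    return findings

def find_dump_files(root):
    """Return (path, matched_hints) for every dump.txt found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if DUMP_NAME not in files:
            continue
        path = os.path.join(dirpath, DUMP_NAME)
        try:
            with open(path, "r", errors="replace") as fh:
                text = fh.read(65536).lower()  # first 64 KiB is enough for triage
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        hits.append((path, [h for h in DUMP_HINTS if h in text]))
    return hits
```

    A dump.txt that matches none of the hints, or a high-CPU process such as a video editor, is a lead to review rather than proof of infection.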

    How are people getting this infection?
    The program was discovered in a BitTorrent download of GraphicConverter 7.4, a popular image editor for Mac OS X. BitTorrent isn't a very highly advised program anyway; it opens ports on your computer to unknown sources. Not to mention that it's used for piracy more than three quarters of the time. But even though the infection was discovered in this specific program download, Macworld warns that it could exist in many other downloads as well.

    The big question. How can I protect myself?
    People rocking Macs thinking that everything's 'all good' because of their market share need to open their eyes. Market share isn't a legitimate reason for security. It's not a reason at all; it's an excuse.

    My recommendation for Mac users is to download an Anti-Virus and to be careful of what you download and when you enter your password. Never enter your password under any conditions unless you specifically meant for the prompt to appear. If a random window ever comes up asking for it, you should never enter it. Instead, close the prompt.

    There are two very good and free Anti-Virus programs for Mac. Both are beautiful, and both are very light on resources:
    Sophos Anti-Virus for Mac OS X
    PCTools iAntivirus for Mac OS X

    Alternatively, if you want to pay for premium protection, I recommend Intego:
    Intego VirusBarrier X6 for Mac OS X

    So everyone, be careful. Don't download suspicious files and, most importantly, download something to protect yourself from being hit in the head with a brick. With a new Macintosh trojan being discovered every week, you can never protect yourself enough.

    Sources: Macworld