
Double whammy: New Mac Trojan spies on user, uses GPU


New malware targeting computers running Apple's Mac OS X packs a double whammy: it spies on the user, and it uses the computer's graphics processing unit to mine for Bitcoins.

Computer security firm Sophos said the malware — aptly dubbed DevilRobber (a.k.a. OSX/Miner-D) — comes with copies of an image editing app uploaded to file-sharing networks.

"If your Mac computer was infected by the malware, the first thing you might notice is performance becoming sluggish. That's because OSX/Miner-D tries to generate Bitcoins, the currency of the anonymous digital cash system, by stealing lots of GPU (Graphics Processing Unit) time. GPUs are much better than regular CPUs at performing the mathematical calculations required for Bitcoin mining," it said in a blog post.

"Yes, this Mac malware is stealing computing time as well as data," it added.

Should the malware find the user's Bitcoin wallet, it will also steal that, Sophos said.

The Trojan is bundled in copies of the legitimate Mac OS X image editing app GraphicConverter version 7.4 that are distributed via torrent sites such as PirateBay.

Aside from Bitcoin mining, the malware spies on the user by taking screen captures and stealing usernames and passwords.

It also runs a script that copies information to a file called dump.txt regarding TrueCrypt data, Vidalia (Tor plugin for Firefox), Safari browsing history, and .bash_history.

The Trojan also hunts for any files that match "pthc", but Sophos said it is not immediately clear whether this is a search for child abuse material. "Pthc" is sometimes used on the Internet to refer to pre-teen hardcore pornography, Sophos noted.

"Of course, the producers of GraphicConverter have done nothing wrong themselves — they are victims of the criminals who are using their popular software as a trap to infect Mac users who download software from unofficial sources," Sophos said.

Sophos also said it is possible that other apps infected by the malware have been distributed via torrent sites, or that the cybercriminals will use other methods to distribute their Trojan horse.

Sophos advised Mac users to practice safe computing and to download software only from official websites and legitimate download services.

"But, in addition to that, it's becoming clearer every week that Mac users need to take malware protection more seriously by running anti-virus software," it said. — RSJ, GMA News