Alert: New Mac malware hiding in pirated graphics software

updated 09:05 pm EDT, Mon October 31, 2011

Steals GPU time, tries to capture passwords, more

Anti-malware makers Sophos and Intego have warned of a new Mac OS X Trojan horse that hides inside pirated software, specifically GraphicConverter v7.4. The malware, known as OSX/Miner-D or "DevilRobber," steals GPU time to generate counterfeit Bitcoins (part of an anonymous digital cash system) and also attempts to steal usernames and passwords through periodic screen captures. It also sends information about the Mac's security setup and browsing history to a remote server.

In addition, if the user is already a Bitcoin user, the malware will also try to steal the credit out of the Bitcoin "wallet." The Bitcoin digital currency has found some favor in the open-source world and other communities, but has been plagued with security breaches. The malware has been added to versions of GraphicConverter that have been uploaded to illegal file-sharing networks, so at present the malware is extremely easy to avoid -- but it could spread to other pirated files. Because of this, all pirated software should be regarded as potentially infected and avoided.

The pirated GraphicConverter, when installed, also installs a Java-based app called "DiabloMiner" that uses the GPU to do the mathematical calculations needed to generate Bitcoins. Because it hides inside a legitimate app, it is classified as a Trojan horse, but also acts as a backdoor and spyware, since it tries to send unauthorized data to remote servers. Because the user actively gives permission for the pirated software to be installed, the added malware also gains this authorization as part of the package.

Users who may have installed the pirated software may be able to detect whether they have gotten the malware as well by noticing any sluggishness in their computer, particularly during graphically-intense operations. All of the major anti-virus and anti-malware makers for the Mac have updated their definition files to prevent the malware from working, and it is likely that Apple itself will follow suit with a silent upgrade to its own anti-malware protection in due course.

Legitimate users and buyers of GraphicConverter have no cause for concern. Both Sophos and Intego offer free or trial versions of their anti-malware software for home Mac users.

by MacNN Staff



  1. facebook_Michael

    Via Facebook

    Joined: Oct 2011


    As long as it's only ...

    in the pirated software, I'm not worried. Seems a good thing to me.

  1. chas_m




    I'm very anti-piracy myself, but NO it's not a good thing. It's a potential security flaw that Apple should fix now that they are aware of it.

  1. Mr. Strat

    Joined: Dec 1969


    More FUD

    I just love it when companies who just happen to sell anti-virus software warn us about potential threats.

  1. testudo

    Joined: Dec 1969


    Re: More FUD

    And I just love when idiot commenters always make the same comment about anti-virus makers warning you about threats.

    Pray tell, who else would know about such threats? Who would you trust that a threat existed?

    Apple? Oh, wait, they'll probably tell you to upgrade your OS to Lion to be protected, so that's just a money grab too.

    Perhaps MS? Nah, they're spreading FUD to keep Windows users.

    Oh, I know, how about some bloggers or a columnist in a magazine? Nah, they're just idiots. What do they know, they aren't experts in the world of computer security.

    Hackers? Nah, can't be trusted. They're just probably trying to make people think that OS X is not super solid and to get some street cred or something.

    Gee, so, really, there's no one who could say "Hey, there's a threat out there for the Mac" that you couldn't claim was a piece of FUD by the crowd of Anti-Apple people or those trying to make a quick buck.

  1. testudo

    Joined: Dec 1969


    Re: No

    I'm very anti-piracy myself, but NO it's not a good thing. It's a potential security flaw that Apple should fix now that they are aware of it.

    There is NO security flaw. These are trojan horses, which means they are just programs that hide their payloads. You can't protect against such a thing. You're actually running the stupid thing yourself!

  1. nhmlco

    Joined: Dec 1969


    comment title

    As far as I'm concerned, pirates deserve whatever they get...
