updated 09:05 pm EDT, Mon October 31, 2011
Steals GPU time, tries to capture passwords, more
Anti-malware makers Sophos and Intego have warned of a new Mac OS X Trojan Horse that hides inside pirated software, specifically GraphicConverter v7.4. The malware, known as OSX/Miner-D or "DevilRobber," steals GPU time to generate counterfeit Bitcoins (part of an anonymous digital cash system) and also attempts to steal usernames and passwords through periodic screen captures. It also sends information about the Mac's security setup and browsing history to a remote server.
In addition, if the user is already a Bitcoin user, the malware will also try to steal the credit out of the Bitcoin "wallet." The Bitcoin digital currency has found some favor in the open-source world and other communities, but has been plagued with security breaches. The malware has been added to versions of GraphicConverter that have been uploaded to illegal file-sharing networks, so at present the malware is extremely easy to avoid -- but it could spread to other pirated files. Because of this, all pirated software should be regarded as potentially infected and avoided.
The pirated GraphicConverter, when installed, also installs a Java-based app called "DiabloMiner" that uses the GPU to do the mathematical calculations needed to generate Bitcoins. Because it hides inside a legitimate app, it is classified as a Trojan horse, but also acts as a backdoor and spyware, since it tries to send unauthorized data to remote servers. Because the user actively gives permission for the pirated software to be installed, the added malware also gains this authorization as part of the package.
Users who may have installed the pirated software may be able to detect whether they have gotten the malware as well by noticing any sluggishness in their computer, particularly during graphically-intense operations. All of the major anti-virus and anti-malware makers for the Mac have updated their definition files to prevent the malware from working, and it is likely that Apple itself will follow suit with a silent upgrade to its own anti-malware protection in due course.
Legitimate users and buyers of GraphicConverter have no cause for concern. Both Sophos and Intego offer free or trial versions of their anti-malware software for home Mac users.