Monday, November 21, 2011

Mac OS X DevilRobber Trojan Now Dressed in Pixelmator Clothing

The DevilRobber Trojan targeting Mac OS X has a new outfit and a brand new set of tricks, according to the latest report from F-Secure researchers.

Previous versions of the DevilRobber Trojan horse infected OS X machines by piggybacking on pirated copies of popular image editing applications: GraphicConverter v7.4, Corel Painter and Flux. However, the latest variant of the DevilRobber Trojan only carries the label of another well-known image editing program, Pixelmator, and none of the actual code.

When run, the fake Pixelmator program (DevilRobber Trojan in disguise) acts as an FTP downloader that connects to a remote server to download and install a backdoor – “bin.cop” – on the computer.

Although the malware still attempts to steal BitCoin wallet contents and use the computer’s CPU and GPU power to mine BitCoins, it does feature some significant changes from previous versions of DevilRobber.

For instance, the new version doesn’t bother checking to see if Little Snitch is installed on the machine, nor does it take screenshots of the end-user’s activities and upload them to a remote server. Instead, the third installment of the DevilRobber Trojan harvests login credentials from the popular 1Password password management tool, system log files and your shell command history.

Thankfully, users can easily avoid coming into contact with the new version of the DevilRobber Trojan by downloading software directly from the developer. The DevilRobber Trojan is only spread via pirated software.
