
Two new Mac malware concerns: Tsunami and DevilRobber

As reported yesterday by Computerworld, there are two new pieces of OS X malware worth knowing about, at least for the moment. The first, Tsunami, isn't much of a threat yet. The other, DevilRobber, may be slowing your Mac down as we speak. Here's more on each of them.

Tsunami

Tsunami is essentially a port of some rather old Linux malware to OS X, and it isn't being seen widely just yet. Still, the trojan appears to be evolving: it has already been updated for Macs in the variant Tsunami.A, as discussed on this ESET Security blog post.

What does Tsunami do? The original was a backdoor that uses IRC as its command and control channel, letting the attacker run commands on the infected machine and coordinate Distributed Denial of Service attacks. Tsunami.A adds the ability to copy itself and points at updated IRC command and control servers (which were not active at the time ESET wrote their post).

Thus far, Tsunami is merely on the radar: it appears to be in active development, but it is not widely disseminated yet.

DevilRobber

While Tsunami may be on the horizon, DevilRobber is out there right now, and could be slowing your Mac down. DevilRobber, as Intego reports, isn't just one thing: it's a Trojan horse, it's a backdoor (allowing remote control), it steals data (and surreptitiously mines Bitcoin virtual currency), and it sends personal data to remote servers (making it spyware as well). Sounds nasty, eh?

The malware installs DiabloMiner, a legitimate open-source Bitcoin mining program. Using that software, DevilRobber (also known as OSX/Miner-D) chews through your Mac's processing power to compute the hashes that Bitcoin mining rewards; DiabloMiner does that work on the graphics card, which is why an infected Mac feels sluggish. In other words, the malware is using your computer to generate Bitcoins for someone else, most likely without you knowing what is going on.
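If you'd rather not wait for an antivirus signature, a hidden miner is easy to spot from the process list, because it can't hide the CPU it burns. The script below is an added example written for this article, not code from Intego, Sophos or ESET, and it makes no claim about DevilRobber's real file names or locations: it simply reads the output of `ps -Ao pid,pcpu,command` and flags any process whose command line mentions DiabloMiner (the legitimate miner the malware bundles) or that is using more than a given percentage of CPU. The process listing embedded in it is constructed for the demo; the paths in it are not real indicators.

```shell
#!/bin/sh
# Added example (not from the article, Intego, Sophos or ESET): triage a
# process listing for anything that looks like a hidden Bitcoin miner.
# Two rules, both taken from the article's description of DevilRobber:
#   1. the command line mentions DiabloMiner, the legitimate miner it bundles
#   2. the process is using at least THRESHOLD percent CPU (default 80)
# Input is the text of `ps -Ao pid,pcpu,command` on stdin, so the same
# function works on a live Mac or on a saved snapshot.

flag_miners() {
    threshold="${1:-80}"
    awk -v thr="$threshold" '
        NR == 1 { next }                      # skip the ps header line
        {
            pid = $1
            cpu = $2 + 0
            cmd = $0
            # strip the PID and %CPU columns, keeping the full command line
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)
            reason = ""
            if (tolower(cmd) ~ /diablominer/) reason = "diablominer"
            else if (cpu >= thr)              reason = "cpu>=" thr
            if (reason != "")
                printf "%s\t%s\t%s\t%s\n", pid, cpu, reason, cmd
        }'
}

# Constructed sample listing (hypothetical paths, not real DevilRobber
# indicators). The two suspicious rows are PIDs 4242 and 4301.
SAMPLE_PS='  PID %CPU COMMAND
    1  0.0 /sbin/launchd
  312  1.2 /Applications/Safari.app/Contents/MacOS/Safari
 4242 97.5 java -jar /tmp/example/DiabloMiner.jar -u worker -p x
 4301 88.0 /Users/demo/Library/example/miner
 4310  0.4 /Library/Little Snitch/Little Snitch Daemon'

# Run the rules over the sample at a 50% threshold; prints one
# tab-separated line (pid, cpu, reason, command) per hit.
demo() {
    printf '%s\n' "$SAMPLE_PS" | flag_miners 50
}

# Live use on a Mac:  ps -Ao pid,pcpu,command | flag_miners 50
```

A hit is a lead, not a verdict: a video export or a compile will also peg the CPU. What you are looking for is a process you didn't start, running from somewhere odd, that keeps burning CPU while the machine is idle.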

Worse, Sophos senior tech consultant Graham Cluley told Computerworld that DevilRobber can take pictures of your screen, thus stealing sensitive info, and "it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and .bash_history" -- all of which are bad things.

So how big a threat is DevilRobber? Chances are, if you don't download torrents of commercial Mac software, you're fine. Intego's Mac Security Blog has more information on DevilRobber, but for now it doesn't appear to be widespread. Also, as with Flashback.C, some users are reporting that if you have Little Snitch (the outbound connection monitor) installed and enabled, the malware will bail.

As usual, we suggest you don't illegally download commercial software via BitTorrent, and that you only download from trusted sources (a developer's own site is a good bet, and don't forget the Mac App Store). If you suspect your machine may be infected, schedule a trip to a local Genius Bar or scan your machine with antivirus software.