devilrobber

  • DevilRobber now "improved", still nasty malware threat

    by Kelly Guimont
    11.18.2011

    We previously told you about DevilRobber and what sort of unsavory things it can do to (and with) your Mac. (In case you don't click over to read that article, here's the scoop: it's bad. Real bad.) Back on November 1st it was a Trojan horse that sent a little of your personal info off to some far-flung servers. CNET is now reporting that a new version has mutated: it also tries to grab your Terminal history and system logs. This "improved" version is being distributed as a copy of Pixelmator downloaded from somewhere other than the Mac App Store (currently the only place to legitimately get a copy).

    But the fun doesn't end there. It also tries (but does not succeed at) making off with the information stored in your 1Password data file. CNET's story makes it sound like DevilRobber can actually do something with that file, but in reality that data is safe, as Agile, the maker of 1Password, has confirmed. Agile has a writeup on its site covering all of this and the steps you can take to make extra sure your data is safe.

    This is also another of those opportunities we here at TUAW occasionally take to remind you that Mac malware is real, and you DO need to protect yourself. "Macs don't get viruses" is about as accurate as "Macs don't have any good games" (which is to say, not accurate at all), and protection is ridiculously easy. Get yourself a good antivirus utility and spend a little time with Little Snitch, which tells you when something on your machine tries to send data out, and you'll avoid a lot of problems.

  • Two new Mac malware concerns: Tsunami and DevilRobber

    by Victor Agreda Jr
    11.01.2011

    As reported yesterday by Computerworld, there are two malware threats for OS X to concern yourself with (for now). The first, Tsunami, isn't much of a threat yet. The other, DevilRobber, may be slowing your Mac down as we speak. Here's more on each of them.

    Tsunami

    Basically a port of some rather old Linux malware, Tsunami isn't being seen widely just yet. Still, the Trojan appears to be evolving, and has been updated for Macs in the variant Tsunami.A, as discussed in this ESET Security blog post. What does Tsunami do? The original was a backdoor that uses IRC to control your machine and coordinate distributed denial-of-service attacks. Tsunami.A adds the ability to copy itself, and includes an updated IRC command-and-control server (which was not active at the time ESET wrote its post). Thus far Tsunami is merely on the radar: it appears to be in active development, but it is not widely disseminated yet.

    DevilRobber

    While Tsunami may be on the horizon, DevilRobber is out there right now, and it could be slowing your Mac down. DevilRobber, as Intego reports, isn't just one thing: it's a Trojan horse, a backdoor (giving an attacker control of the machine), a data stealer that also surreptitiously mines Bitcoin, and spyware that sends personal data to remote servers. Sounds nasty, eh? The malware installs DiabloMiner, a legitimate Bitcoin-mining program. Using that software, DevilRobber, aka OSX/Miner-D, eats processor cycles computing the hashes Bitcoin mining requires. In other words, the malware is using your computer to earn Bitcoins for someone else, most likely without you knowing anything is going on.

    Worse, Sophos senior technology consultant Graham Cluley told Computerworld that DevilRobber can take pictures of your screen, thus stealing sensitive info, and "it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and .bash_history" -- all of which are bad things to hand over. Your shell history alone can contain hostnames, usernames and any passwords you have typed on the command line.

    So how big a threat is DevilRobber? Chances are, if you don't download torrents of commercial Mac software, you're fine. Intego's Mac Security Blog has more info on DevilRobber, but for now it doesn't appear to be widespread. Also, as with Flashback.C, some users are reporting that if you have Little Snitch installed and enabled, the malware will bail rather than run. As usual, we suggest you don't illegally download commercial software via BitTorrent and only download from trusted sources (a developer's own site is a good bet, and don't forget the Mac App Store). If you suspect your machine may be infected, schedule a trip to a local Genius Bar or scan your machine with antivirus software.