Warning: New Mac trojan hides in pirated graphics software

“Anti-malware makers Sophos and Intego have warned of a new Mac OS X Trojan Horse that hides inside pirated software, specifically GraphicConverter v7.4,” MacNN reports. “The malware, known as OSX/Miner-D or ‘DevilRobber,’ steals GPU time to generate counterfeit Bitcoins (part of an anonymous digital cash system) and also attempts to steal usernames and passwords through periodic screen captures. It also sends information about the Mac’s security setup and browsing history to a remote server.”

“In addition, if the user is already a Bitcoin user, the malware will also try to steal the credit out of the Bitcoin ‘wallet,’” MacNN reports. “The malware has been added to versions of GraphicConverter that have been uploaded to illegal file-sharing networks, so at present the malware is extremely easy to avoid — but it could spread to other pirated files. Because of this, all pirated software should be regarded as potentially infected and avoided.”

More information in the full article here.

[Thanks to MacDailyNews Reader “Edward Weber” for the heads up.]

MacDailyNews Note: Don’t steal software.

Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised.

Related articles:
Hackers port Linux trojan to Mac OS X – October 26, 2011
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011
New OS X trojan horse sends screenshots, files to remote servers – September 23, 2011
Apple: How to avoid or remove MACDefender malware (permanent fix coming in Mac OS X update) – May 24, 2011
MACDefender trojan protection and removal guide – May 20, 2011
Apple investigating ‘MACDefender’ trojan – May 19, 2011
Apple malware: 6 years of crying wolf – May 6, 2011
Is Mac under a virus attack? No. – May 4, 2011
Intego: MACDefender rogue anti-malware program attacks Macs via SEO poisoning – May 2, 2011
Sophos details new Mac OS X Trojan – February 28, 2011
Warning: Mac users beware of yet another trojan masquerading as video codec – June 11, 2009
CNN blows it; gets all worked up about a Mac Trojan that isn’t the first nor is it the last – April 23, 2009
Mac trojan expands to affect pirated versions of Photoshop CS4 – January 26, 2009
Intego: Mac trojan horse found in pirated Apple iWork ‘09 – January 22, 2009
New Mac OS X Trojan horse identified – June 23, 2008
Mac OS X Scareware trojan ‘MacSweep from Imunizator’ tries to scam Mac users – March 29, 2008
Mac trojan makers churn out slightly modified versions to evade anti-malware detection – November 08, 2007
Mac DNS Changer Trojan [OSX/Puper] relatively simple; works like the Windows version – November 01, 2007
New Mac OS X Trojan warning – February 16, 2006
Apple: ‘Opener’ is not a virus, Trojan horse, or worm – November 02, 2004

25 Comments

    1. No kidding. I had not heard of GraphicConverter until I read this MDN post. If it was some wildly overpriced Adobe software (I realize that is redundant), it would be different. But, as you point out, $40? I’m gonna buy it.

      1. Thryll, I’ve been using GraphicConverter for many years. It is an amazingly-good piece of software. The author, Thorsten Lemke, is so dedicated to his customers, the whole package is Mac heaven for graphics users.

        1. I hope this doesn’t hurt GC’s reputation too much since, as so many know, it is a great piece of software. Hopefully, those of us who know will be vocal about it to counteract the bad publicity this is generating.

  1. Bottom line is, over the past two years, there is an increased volume of malware out there.

    Last year, when ‘antennagate’ hit the media, Jobs masterfully deflected it by re-framing the argument: “All cellphones have problems”. In other words, our antenna may have issues, but other phones do as well. That way, we diluted the black-white issue (a defective antenna) into an endless debate about exactly how much worse the iPhone 4 antenna was compared to the competition. The scandal was pretty much over.

    Same thing here: up until about a year or two ago, we were up high on our perch, confidently boasting about malware-free OS. Today, we simply can’t do this, and can only endlessly argue that there are significantly fewer trojans for OS X than there are for Windows. Once we begin to debate the ratios, we are losing our main arguing point.

    1. Not quite. MacOS is free of viruses (which propagate by themselves) – Trojans (which you need to install yourself) have been around for a while. So rather than spreading nonsense please inform yourself first.

      Why anyone would download a pirated version of GraphicConverter is beyond me – you can simply download the fully functional version from the author’s website … and yes, please do as it is an excellent program (you have to live with a 30 sec nag screen on startup until you register)

      1. The depressing thing is that no matter how hard we try, people won’t understand the difference between virus, worm, and trojan. They’ll just see “Macs are vulnerable now”, when the truth is that OS X has always been vulnerable to trojans, just as all OS’s are. Trojans just haven’t been the preferred method of delivery until now.

        ——RM

    2. Predrag, you let me down…I thought you were a little more sane. Oh well….

      First of all, the iPhone antenna was NOT defective. All cars slip on ice…the cars are not defective. Apple uses the same design even now. Yes it is improved….but that’s just normal for Apple, they improve EVERYTHING.

      Second, as far as malware is concerned…..basically just read what MDN has to say …..I was going to say the same thing as MDN.

  2. @MDN Take:

    Here I am again, wondering when MDN will modify its auto-Take on Trojan horses. They used to be right, but there IS an OS that protects the user while still allowing the user to install software. Guess who makes that OS? Apple does – it’s called iOS.
