Bitcoin mining Program for Mac
Summary
Backdoor:OSX/DevilRobber.A silently installs applications related to Bitcoin-mining; it may also harvest data from the infected machine and listen for additional commands from a remote user.Disinfection & Removal
Manual Removal Instructions
The following instructions apply to the original version of DevilRobber:
- 1. Delete this folder and all its contents: ~/Library/mdsa1331
- 2. Delete this file: ~/Library/LaunchAgents/com.apple.legion.plist
The following instructions apply to the updated version of DevilRobber (DevilRobberV3):
- Delete the folder and all its contents: ~/Library/Pixel_mator
- Delete this file: ~/Library/LaunchAgents/com.apple.pixel.plist
Note: For both versions, subsequently continuing to use the bundled software will reinstall the malware.
Technical Details
The components of this malware are bundled together with (pirated) legitimate programs. At time of writing, these programs were being offered on the popular torrent-hosting website, The Pirate Bay.
Once active, the malware is capable of stealing information from the infected system; it may also run (separate) applications related to Bitcoin mining.
The technical details listed below are for the original DevilRobber version. This version was also discussed in a Labs Weblog post.
Update (17 Nov 2011)
An updated version of DevilRobber has been discovered, with minor changes in its distribution and operation. This version was discussed in a Labs Weblog post.
Source: www.f-secure.com
Related posts:
- Bitcoin mining odds
- Bitcoin mining whirlpool
- Bitcoin mining Intel Atom
- Bitcoin mining problems
- Bitcoin mining for Mac