A Trojan that Generates Bitcoins

It was bound to happen eventually but a trojan is now circulating for OS X that syphons a victims computing power and uses it to mine Bitcoins:

“This malware is complex, and performs many operations,” security researchers from Mac antivirus vendor Intego warned. “It is a combination of several types of malware: It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers,” they explained.

The Bitcoin mining program that DevilRobber installs on infected computers is called DiabloMiner and is a legitimate Java-based application used in the virtual currency’s production.

The one flaw in this trojan (besides requiring manual intervention by a user to get installed) is using a Java-based application to perform Bitcoin mining. Mac OS 10.7 doesn’t include Java by default and the user must manually install it if they want to run Java applications. While a prompt will appear asking the user if they want to install Java when they try to use a Java applet those are fairly uncommon at this point so the chances of a user running 10.7 having Java installed is actually pretty low.

Still the application appears to also seek out and steal Bitcoin wallets. I’m rather shocked that we didn’t see this kind of trojan come to the attention of network security sites before now. When I first looked into Bitcoin one of the first ideas that popped into my malicious thought filled head was how easy it would be to use a massive botnet to mine a great number of Bitcoins.