A Mac OS X trojan is emptying Bitcoin digital wallets.
The DevilRobber malware was bundled in several Mac applications distributed over BitTorrent including a Mac OS X image editing application called GraphicConverter version 7.4
Once on a machine, the malware attempts to steal the Bitcoin virtual currency, Sophos consultant Graham Cluley said.
Bitcoin was created in 2009 and is a form of virtual currency that can be transferred anonymously from person to person online without going through a bank.
It was accepted by some online merchants and can be traded for dollars at online currency exchanges, such as Mtgox.com.
DevilRobber also uses infected Macs to perform “Bitcoin mining,” a way of earning the virtual currency by using a machine's computational power and open-source software to solve cryptographic problems.
The malware attempts to steal usernames and passwords and spy on users by taking screen shots, Cluley said.
The trojan is not particularly widespread at the moment, as it has only been seen in a handful of Mac apps on torrent sites, researchers at security firm Intego said in a blog post Friday. Overall, the malware is complex and performs several different operations.
“It is a combination of several types of malware: It is a trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command-and-control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is spyware, as it sends personal data to remote servers,” Intego researchers wrote.
When the malware-laden program is launched, a script looks for a network traffic blocker, called LittleSnitch. If LittleSnitch is found on the machine, the program terminates.
In June, a trojan identified as Infostealer.Coinbit was propagating in the wild and targeting Bitcoin digital wallets installed on Windows computers.