New variants of the DevilRobber Mac OS X TrojanFound in Trojaned Apps Are Stealing Data

Pierluigi Paganini November 06, 2011

Mac malware has been making some headlines in the last few months, as attackers have begun applying to OS X some of the tactics they’ve been using on Windows for decades.

Security analysts have discovered several variants of the DevilRobber Mac OS X Trojan, the last one is also able to steal files, installs a Web proxy and steal the user’s Safari browsing history.

Researchers at F-Secure say the some of the variants appear to be looking for specific pornographic files on infected Macs and steals passwords from the machine in order to access any files that may be protected. All of the variants of DevilRobber have the ability to take data from the machine and upload it to a remote server.

The new variants were discovered in legitimate Mac applications that had been Trojaned and then shared on Pirate Bay.

Apple is responding with the announcement that all apps submitted to the Mac App Store will have to have a sandbox by March 2012.

F-Secure analysis

 



you might also like

leave a comment