We have another development in Macintosh malware. While Macintosh users do have fewer threats to worry about than Windows users, it does not mean they are impervious to attack. The second most popular malware plaguing the operating system is a cryptocurrency miner.
Cryptocurrency Mining and Malware
We have seen multiple iterations of cryptocurrency mining malware over the past few years. Virtually all of these tools are designed to infiltrate Windows computers and use its resources to mine any cryptocurrency the developers feel is profitable. Whereas Bitcoin mining was the primary currency to mine a few years ago, this situation has changed in favor of Ethereum, Monero, and ZCash.
Cryptocurrency mining malware is also making its way onto Macintosh computers. A new report released by Symantec shows how there are quite a few different types of malware to be found on the Macintosh platform. The second-most common type of malware is a cryptocurrency miner. This particular tool is DevilRobber and it is currently seeing a massive spike in popularity.
It is anybody’s guess as to where this sudden surge in popularity comes from. Not too long ago, DevilRobber was responsible for “just” 2.4% of all Macintosh malware detections. Last month, that number suddenly increased to 21.6%. There must be at least one dedicated distribution campaign for this cryptocurrency miner, although researchers have no idea who is behind it. They also do not know how long this sudden spike in popularity will last.
DevilRobber has been around for quite some time, even though most people would know it under a different name. Miner-D and OSX.Coinbitminer are some of its other aliases. In fact, according to Intego, the source code of this malware dates back to October of 2011, indicating this is a relatively old type of cryptocurrency miner.
Do not let its age fool you, the Macintosh cryptocurrency miner has improved its potential greatly. Even though these improvements were introduced over the past few years, none of the new versions made a big impact. DevilRobber is certainly raising the bar in this regard. It appears the latest iteration spreads through torrent sites, which is a rather common method to distribute malware these days.
For the time being, it is unclear which cryptocurrency is mined by DevilRobber. Mining Bitcoin with regular computer equipment -even if it belongs to someone else- does not make any sense these days. Other cryptocurrencies, such as Litecoin, Ethereum, or ZCash are more profitable endeavors. Rest assured more information regarding DevilRobber will come to light in the coming months. If this popularity spike keeps up, things will get bad for Macintosh users.