DevilRobber Trojan is PixelMator in Camouflage
A fresh variant of the DevilRobber Trojan is being distributed as counterfeit editions of the widely used Graphic Converter software, and the creators of the malicious program are likewise aiming attacks at more graphics applications by releasing the new Trojan masked as PixelMator, the well-known image-editing software, eSecurity Planet published on November 17, 2011.
Unlike the Trojan's first version, which was implanted in the Graphic Converter software, the latest edition contains no element of the authentic PixelMator program; it is merely disguised as that program. Once executed, the phony PixelMator acts as a basic downloader, which communicates with certain FTP servers to pull down and load the Trojan.
DevilRobberV3, like its predecessors, still steals from end-users' Bitcoin stores and creates more Bitcoins. Among its newer activities, it seizes passwords from 1Password, a well-known password-management program, and additionally seizes Terminal command history files along with system log files.
Basically, Bitcoin in its ideal form solves problems innate to known currencies, such as monetary organizations aiming for greater efficiency, inflation, double-spending, and corruption. However, security problems related to account seizure, exchange infringement or original FUD undermine this problem-solving effort.
Furthermore, security researchers from F-Secure say that DevilRobberV3 differs primarily in the way it distributes its payload, which is through the conventional technique of downloading. According to them, when they analyzed the Trojan they found it to be an FTP downloader, which pulls down its own backdoor installer package by connecting to a service provider hosting a certain FTP server.
Also, the latest DevilRobber variant does not check whether Little Snitch is installed before loading itself, and it does not capture screenshots. Nonetheless, it contains characteristics that are not in the original variant.
Meanwhile, to tell whether they have pulled down DevilRobber, end-users can examine their Mac machines for unusually slow functioning. The Trojan can be blocked by installing the latest security update whenever Microsoft Security Essentials makes it available, although many other anti-virus vendors for Mac PCs can also identify DevilRobberV3. Besides, it is advisable not to download any software from intermediary websites.
» SPAMfighter News - 23-11-2011