New Mac OS X trojan on the loose
Feb 13, 2014 9:55:22 GMT
Post by CharlieChomper on Feb 13, 2014 9:55:22 GMT
While the odds of this actually happening are fairly low to the average Mac user, unless you're into Bitcoins, there is a piece of malware out there that is affecting OS X users (and only OS X users). It disguises itself as an app (with the most common methods of distribution being CNET's download.com and Apple's own Mac App Store--at the App Store it is going by a couple of different names whereas at download.com, it can be found under several different names), but one mainly aimed at Bitcoin or Litecoin users (or a number of other so-called "cryptocurrencies" out there). Most of the malware has had the name "ticker" in its name, although it has sometimes claimed to send and receive payments for the currency in question--it has also been spotted "in the wild" as it were, so it is also possible to have it installed without deliberately doing so.
What makes this trojan a particular issue is that it's monitoring users' web activity and stealing login information, passwords, etc.--especially targeting Bitcoin and Litecoin-related accounts and information, with users then either losing access to their accounts or more often having it happen that they log in to find their accounts completely cleaned out (to provide some idea into why this is especially worrisome, 20 Bitcoins would be the equivalent of $12,000US (or 8.808,64 Euros), as most cryptocurrency carries the value of real world currency and can be exchanged for it as such--so one user who did lose that much, literally lost $12,000US worth of real life money through this trojan as they reported to have lost 20 Bitcoins to it). It is also a nuisance in that it installs browser extensions that can prove to be difficult for the user to remove which further spies on users (it doesn't just "target" any one browser either--it appears to be affecting Safari and Chrome equally, with the user unaware it's even there at times--Firefox appears to be immune to it, however). Some of the extensions even appear to be legitimate (such as "pop-up blocker" or another generic name that appears harmless), but obviously are not.
However, what makes it more of a concern beyond the theft of login information and password (and cryptocurrency) is that it's also stealing Mac users' user login information, but also their UUID (unique identifier) for the Mac that's been infected by it. It also has been aggressively attacking or blocking out security software (including those used by security companies to try and analyze it in hope of finding a way of preventing it or getting rid of it) or updating itself in order to do so.
There is a walk-through on how to remove it from your system manually, however.