
DevilRobber Trojan

Posted: November 23, 2011

Threat Metric

Threat Level: 9/10
Infected PCs: 4
First Seen: November 23, 2011
OS(es) Affected: Windows

DevilRobber Trojan is a Trojan horse that, unusually, is built for OS X operating systems rather than Windows computers. Although out-of-date DevilRobber Trojan variants were distributed in otherwise-legitimate graphics conversion packages, the latest version of DevilRobber Trojan is distributed in the form of a fake PixelMator program (PixelMator itself is a legitimate image editor). DevilRobber Trojan's capabilities, as noted by the SpywareRemove.com malware research team, largely consist of theft of personal information and the ability to tamper with Bitcoin values. As a Trojan, DevilRobber Trojan is designed to hide itself from sight and may have no visible symptoms besides appropriate warnings from anti-malware programs. If you suspect that DevilRobber Trojan is on your computer, it's recommended that you remove DevilRobber Trojan as soon as possible with proper security software, lest you lose both your digital money and your account passwords.

DevilRobber Trojan – a Little Bit of Spyware Just for OS X

As an attacker of Mac OS X operating systems, DevilRobber Trojan can't threaten Windows computers, but should be considered a very real and ongoing danger to anyone who uses OS X. The original version of DevilRobber Trojan also displayed features that are lacking in DevilRobber Trojan's latest variant, such as the ability to capture screen images, but even the latest version of DevilRobber Trojan is capable of extremely invasive attacks. SpywareRemove.com malware researchers have found that new DevilRobber Trojan variants are distributed solely as fake PixelMator programs and lack any of the image-editing features that a real PixelMator application possesses.

Also known as DevilRobberV3, this new version of DevilRobber Trojan has been known to display the following traits:

  • DevilRobber Trojan will attempt to steal passwords from 1Password, a password-management utility.
  • DevilRobber Trojan will attempt to generate Bitcoins (an experimental and digital-only currency format) to inflate the fiscal holdings of its hacker partners.
  • DevilRobber Trojan will also attempt to steal Bitcoins from your online 'wallet.'
  • Lastly, DevilRobber Trojan keeps track of OS X system log files as well as the history files for your Terminal commands.

As a side effect of these attacks, you will also find a security backdoor opened on your system, to allow DevilRobber Trojan to send its stolen information to criminal entities (via FTP). Additional attacks may also occur through this security vulnerability.

Keeping Your OS X Free of DevilRobber Trojan's Thievery

Since DevilRobber Trojan targets OS X specifically, using Mac-compatible brands of anti-malware programs to protect your PC can effectively halt DevilRobber Trojan's attacks or even prevent its installation in the first place. SpywareRemove.com malware researchers note that anti-malware products with firewall-based security features appear to be very effective at preventing the latest version of DevilRobber Trojan from functioning, although other variants of DevilRobber Trojan may simply prevent themselves from being installed if they detect the presence of such software.

Prevention, however, is preferable to needing to delete DevilRobber Trojan, so you are strongly encouraged to avoid DevilRobber Trojan's primary propagation source: pirated software. As long as you download software from strictly legitimate sources and use software from trustworthy brands, your computer shouldn't have much to fear from DevilRobber Trojan.

Depending on your anti-malware software of choice, DevilRobber Trojan may also be detected by the names Backdoor:MacOS_X/DevilRobber.A and Backdoor:MacOS_X/DevilRobber.B.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 31.9 KB (31902 bytes)
MD5: 7364058a360ca4365862568607a68fde
Detection count: 1
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 24, 2011