DevilRobber Trojan Disguises as PixelMator, with improvements, so you’ve got to step up too as a User
The original DevilRobber was being distributed in pirated versions of the popular program Graphic Converter, and in similar form the malware developers are targeting additional graphics tools by releasing this new version disguised as the popular image-editing program PixelMator.
Unlike the original version of the malware that ran embedded in full versions of Graphic Converter, the new version contains none of the legitimate PixelMator code and instead is only disguised as the program. When run, the fake PixelMator program acts as a basic downloader that will contact some FTP servers and download and install the malware.
The new malware has some relatively significant changes from its predecessors. While it still tries to steal the contents of a user’s Bitcoin wallet and generate Bitcoins, it now performs a few other operations. First it attempts to steal passwords from the popular password management utility 1Password. It also attempts to grab system log files in addition to Terminal command history files.
This version of DevilRobber no longer attempts to take screenshots and send them to remote servers; however, it also no longer checks for the presence of the Little Snitch reverse firewall daemon, which will detect its activity and prevent it from communicating with external servers. In previous versions of the malware the presence of Little Snitch caused its installation to fail, but this version continues to install, perhaps in hopes that even with Little Snitch installed some people will authorize a rule that allows the Trojan to communicate with external servers.
Originally reported by Topher Kessler from news,cnet