DevilRobber is a trojan targeting the Mac operating system (OSX), discovered by researchers at Intego in October 2011 and is distributed via malicious Mac applications distributed by BitTorrent trackers. Also going by the names Miner-D and OSX.Coinbitminer, DevilRobber steals data and Bitcoin cryptocurrency, and utilizes CPU and GPU resources on affected devices to mine Bitcoin. Infections were widespread after its discovery, which is considered one of the first major Mac malware outbreaks, resulting in Apple issuing an emergency update to mitigate the threat. New versions have been released since the initial attack but none had ever reached the same level of impact. According to Symantec, as of June 2017, DevilRobber was the second-most widespread Mac malware variant, accounting for 21.6 percent of all detections - up from 2.4 percent in May. The cause of the recent increase in infections is currently unknown but could be attributed to a new version of the trojan mining for cryptocurrencies beyond Bitcoin, such as Ethereum and Monero.


July 2017: DevilRobber is second-most widespread Mac malware variant in June, accounting for 21.6 percent of all detections, up from 2.4 percent in May. (Symantec)

Technical Details

Intego provides technical details on the first version of DevilRobber, here.