OS X Trojan Horse Sends Files to Remote Servers

By ServerWatch Staff
Posted September 26, 2011


While MacDefender or one of its variants is the best-known OS X malware, a new Trojan horse for OS X has surfaced that tries to steal users' personal information. As reported on Cnet News, the malware was first seen in late July of this year and has been identified by security firms F-Secure and Sophos as a "Trojan dropper" and a "backdoor" utility that work in tandem to install on the system.


"This Trojan downloader is the initial phase of the attack, and is a program that when run will install a backdoor utility called 'BackDoor:OSX/Imuler.A' onto the system. The downloader will also download and continually open a Chinese PDF document (aptly named 'trojan.pdf') that contains offensive political statements, which apparently is an attempt to distract the user and disguise the installation of the backdoor malware.

"When the backdoor is installed, it will set up a launch agent on the system that is used to continually keep the malware active on the system. It will then connect to a remote server and send the system's current username and MAC address to the server, after which the server will instruct it to either archive files and upload them, or take screenshots and upload them to the server."

Read the Full Story at Cnet News
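
The quoted description says the backdoor stays active through a launch agent. As an added example (not from this article, Cnet, or either security firm), the Python below audits launch agent plists for jobs that start automatically from outside an assumed allowlist of locations. The allowlist, the hidden-directory heuristic and the sample plists are constructed for illustration and are not Imuler indicators.

```python
import plistlib

# Assumed allowlist of locations where launchd job executables normally live.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/")

def job_program(job):
    """Return the executable a launchd job starts, or None if unspecified."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None

def audit_launch_agent(plist_bytes):
    """Return findings for one launch agent plist (empty list = nothing flagged)."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    program = job_program(job)
    if program is None:
        return ["no program specified"]
    findings = []
    if not program.startswith(TRUSTED_PREFIXES):
        findings.append("program outside trusted locations: " + program)
    if any(part.startswith(".") for part in program.split("/")):
        findings.append("hidden path component")
    # RunAtLoad starts the job at login; KeepAlive relaunches it when it exits.
    if findings and (job.get("RunAtLoad") or job.get("KeepAlive")):
        findings.append("persistent (RunAtLoad/KeepAlive)")
    return findings

# Constructed sample plists; on a Mac, read the files in ~/Library/LaunchAgents,
# /Library/LaunchAgents and /Library/LaunchDaemons instead.
SAMPLES = {
    "com.example.updater.plist": plistlib.dumps({
        "Label": "com.example.updater", "RunAtLoad": True,
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}),
    "com.example.checker.plist": plistlib.dumps({
        "Label": "com.example.checker", "RunAtLoad": True, "KeepAlive": True,
        "Program": "/Users/alice/Library/.cache/checker"}),
}

def audit_all(plists):
    """Map file name -> findings for every plist that was flagged."""
    results = {name: audit_launch_agent(data) for name, data in plists.items()}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, findings)
```

A flagged job is a lead for review rather than a verdict, since legitimate software also installs per-user agents.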
