RegisterFAQSearchLogin

View unanswered posts | View active topics It is currently Tue Jun 17, 2025 6:09 am


Board index » Tech Support

All times are UTC




Reply to topic  Page 1 of 1
  [ 1 post ] 
Print view Previous topic | Next topic 
New Mac Malware in the wild 
Author Message
big_D
What's a life?
User avatar

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
Reply with quote
Post New Mac Malware in the wild
http://www.zdnet.com/blog/security/new- ... wild/10887

Quote:
Security researchers from Intego, have intercepted a new variant of the Imuler trojan horse targeting Mac OS X users.

The latest version of the Imuler.C trojan attempts to trick end and corporate users into thinking that they’re downloading and about to view image files. The trojan horse circulates using .zip archives named “Pictures and the Ariticle of Renzin Dorjee.zip” and “FHM Feb Cover Girl Irina Shayk H-Res Pics.zip”.

According to the researchers, the malware authors are relying on a known social engineering tactic and the default Mac OS X settings, where full file extensions are not displayed by default, hence the use of image icons for application files.

Once executed, the malware performs the following actions:

Quote:
The malware installs a backdoor at /tmp/.mdworker, along with other files in this directory. A process called .mdworker then launches; the mdworker process (not the absence of the . before the name) is a processed used by Spotlight to index files.A launchagent file is also installed at ~/library/LaunchAgents/checkvir.plist, along with an executable in the same folder, ensuring that the malware launches when the user logs into his or her Mac, or starts it up. After a restart, the .mdworker process is deleted, and the checkvir executable launches.This malware searches for user data, and attempts to upload it to a server. It also takes screenshots and sends them to the server. It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. We have seen that this malware is active, as it connects to a remote server and downloads new executables.


End users are advised to turn on the feature that’s showing all filename extensions in order to differentiate between real image files and applications, such as the Imuler.C trojan, and to submit suspicious files to the popular VirusTotal service in order to ensure that they’re malware-free.

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari

Executive Producer No Agenda Show 246
Sat Mar 17, 2012 9:16 am
Profile ICQ
Display posts from previous:  Sort by  
Reply to topic   Page 1 of 1
  [ 1 post ] 

Board index » Tech Support

All times are UTC


Who is online

Users browsing this forum: No registered users and 6 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group
Designed by ST Software.