New Mac Trojan may funnel files, screenshots


Post by bluesky » Sat Sep 24, 2011 11:04 am

Mac Trojan may funnel files, screenshots to distant servers

updated 01:15 pm EDT, Fri September 23, 2011

Malware currently just minor threat

A newly-detailed Trojan attack is being directed at Macs, say security firms F-Secure and Sophos. Originally spotted in late July, the Trojan relies on two pieces of malware. The first is a downloader identified as "Trojan-Dropper:OSX/Revir.A," which not only retrieves the second piece of software but repeatedly opens a Chinese PDF document -- trojan.pdf -- said to contain offensive political statements. The real purpose of the document is thought to be distracting a person while the second app is downloaded.

Nicknamed "BackDoor:OSX/Imuler.A," the second half of the Trojan configures a launch agent which keeps the malware active, and then connects to a remote server, feeding it a victim's computer username and MAC address. The server can reportedly instruct a besieged system to archive files and upload them, or else capture screenshots for upload. F-Secure comments that Imuler.A currently seems to be working badly or not at all, since it isn't receiving instructions; the company warns, though, that the server may simply be in a testing phase, and could later become fully functional.

Both Sophos and F-Secure have produced updated definitions for their antivirus scanners that should cope with the Trojan. Apple has yet to push out new definitions for Lion and Snow Leopard, but the malware is said to be relatively easy to stop manually. People must first stop a process called "checkvir" in the Activity Monitor, and then delete "checkvir" and "checkfir.plist" files from their /username/Library/LaunchAgents/ directory.


Read more: http://www.macnn.com/articles/11/09/23/ ... z1YtkZJIdC
"All computers wait at the same speed."
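
The manual check described in the quoted article, as an added example that is not part of the original post or the article: a read-only shell script that looks for the two file names and the process name exactly as the post gives them. The default directory `~/Library/LaunchAgents` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: reports the artifacts named in the post; it deletes nothing.
# File and process names are copied from the post as written.
IMULER_NAMES="checkvir checkfir.plist"

# Print each named artifact present in directory $1; return 0 if any was found.
find_imuler_files() {
    dir=$1
    found=1
    for name in $IMULER_NAMES; do
        # -L also catches a dangling symlink carrying one of the names
        if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            found=0
        fi
    done
    return $found
}

# Print PIDs of processes named exactly "checkvir"; return 0 if any is running.
find_imuler_process() {
    command -v pgrep >/dev/null 2>&1 || return 2   # pgrep unavailable
    pgrep -x checkvir
}

# Combined report for one LaunchAgents directory; returns 1 if anything matched.
imuler_report() {
    dir=${1:-"$HOME/Library/LaunchAgents"}   # assumed per-user location
    status=0
    if files=$(find_imuler_files "$dir"); then
        echo "FOUND launch agent files:"
        echo "$files"
        status=1
    fi
    if pids=$(find_imuler_process); then
        echo "FOUND running checkvir process, PID(s): $pids"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "No checkvir artifacts found in $dir"
    return $status
}

imuler_report "$@" || echo "Review the items listed above before removing them."
```
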
