The Latest in IT Security

New Trojan for Mac OS X

02
Jul
2012

Russian anti-virus company Doctor Web is warning users about a new Trojan horse for Mac OS X. This application can perform backdoor tasks and execute commands issued by a remote, hacker-controlled server.

Back in late June, Doctor Web’s anti-virus laboratory received a sample e-mail message with a malicious program attached targeting Mac OS X. This e-mail message, written in the Uighur language, had the file zmatiriyal.zip attached to it. The zip archive contained two files: an image and the matiriyal.app malware disguised with a PDF document icon. This application runs on both Power PC and x86 machines. It was added to the Dr.Web virus database as BackDoor.Macontrol.2.

screen

screen

If the option to hide extensions for known file types is enabled in the system, a user may try to open the attached “document”, thus launching the Trojan. BackDoor.Macontrol.2 is especially dangerous for machines running Mac OS X Snow Leopard, since it allows programs to write into the Library folder under a user account (this is not possible under Mac OS X Lion).

When launched in a compromised system, BackDoor.Macontrol.2 copies itself into the file /Library/launched and creates its configuration file ~/Library/LaunchAgents/com.apple.FolderActionsxl.plist for launch upon system start-up. The Trojan then sends to a remote control server data on the infected computer, including the operating system version, computer name, user account information, and the amount of RAM. Then the Trojan stands by and waits for instructions. Directives that can be carried out by the backdoor include system shut down, sending files to a remote server, and running the /bin/sh shell.

This malware is not a danger to systems protected by Dr.Web for Mac OS X, which detects and removes the program. Doctor Web advises users to exercise caution when opening attachments to messages from unknown senders.

Leave a reply


Categories

TUESDAY, MARCH 19, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments