nsane.forums Posted March 16, 2012

Security researchers from Intego have intercepted a new variant of the Imuler trojan horse targeting Mac OS X users. The latest version of the Imuler.C trojan attempts to trick end and corporate users into thinking that they're downloading and about to view image files. The trojan horse circulates using .zip archives named "Pictures and the Ariticle of Renzin Dorjee.zip" and "FHM Feb Cover Girl Irina Shayk H-Res Pics.zip". According to the researchers, the malware authors are relying on a known social engineering tactic and the default Mac OS X settings, where full file extensions are not displayed by default, hence the use of image icons for application files.

Once executed, the malware performs the following actions:

The malware installs a backdoor at /tmp/.mdworker, along with other files in this directory. A process called .mdworker then launches; the mdworker process (note the absence of the . before the name) is a process used by Spotlight to index files.

A launchagent file is also installed at ~/library/LaunchAgents/checkvir.plist, along with an executable in the same folder, ensuring that the malware launches when the user logs into his or her Mac, or starts it up. After a restart, the .mdworker process is deleted, and the checkvir executable launches.

This malware searches for user data, and attempts to upload it to a server. It also takes screenshots and sends them to the server. It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. We have seen that this malware is active, as it connects to a remote server and downloads new executables.

End users are advised to turn on the feature that shows all filename extensions in order to differentiate between real image files and applications, such as the Imuler.C trojan, and to submit suspicious files to the popular VirusTotal service in order to ensure that they're malware-free.

View: Original Article (http://anonymz.com/?http://feedproxy.google.com/~r/zdnet/security/~3/EOfG_kPFmnk/10887)
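The post lists concrete host artifacts for Imuler.C: the hidden /tmp/.mdworker binary (distinct from Spotlight's legitimate mdworker), and the checkvir.plist launch agent plus checkvir executable in the user's LaunchAgents folder. A defender can turn that into a quick host check. The script below is an added example, not code from the article, Intego or the forum post. It assumes POSIX sh and takes the directories to inspect as arguments so it can be exercised against a constructed scratch tree; the LaunchAgents default uses the standard capitalisation ~/Library/LaunchAgents, where the post writes ~/library. The sample tree and sample process list are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article or Intego): defender-side check for the
# Imuler.C host artifacts named in the post. Indicator file names and the
# .mdworker process name come from the post; directory arguments, defaults and
# the constructed sample data are this example's own assumptions.

# Count the Imuler.C file indicators present. Arguments: the /tmp directory and
# the user's LaunchAgents directory to inspect (defaults are the live locations).
# Each hit is reported on stderr; the count alone goes to stdout.
count_imuler_files() {
    tmp_dir="${1:-/tmp}"
    agents_dir="${2:-$HOME/Library/LaunchAgents}"
    n=0
    for path in "$tmp_dir/.mdworker" "$agents_dir/checkvir.plist" "$agents_dir/checkvir"; do
        if [ -e "$path" ]; then
            printf 'indicator present: %s\n' "$path" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Read one process name per line (e.g. from `ps -axo comm=`) and count the
# processes named exactly ".mdworker". Spotlight's legitimate helper is
# "mdworker" without the leading dot and must not be flagged; -x forces a
# whole-line match and -F treats the dot literally.
count_hidden_mdworker() {
    grep -c -x -F '.mdworker' || true
}

# Constructed sample data for an offline run: a scratch tree holding two of the
# three file indicators, and a process list with both mdworker and .mdworker.
make_sample_tree() {
    d="$(mktemp -d)"
    mkdir -p "$d/tmp" "$d/agents"
    : > "$d/tmp/.mdworker"
    : > "$d/agents/checkvir.plist"
    echo "$d"
}

sample_process_list() {
    printf '%s\n' launchd mdworker .mdworker Finder mds
}

# Stand-alone demo against the constructed data. On a live Mac you would run
# `count_imuler_files` with no arguments and `ps -axo comm= | count_hidden_mdworker`.
sample="$(make_sample_tree)"
echo "file indicators found: $(count_imuler_files "$sample/tmp" "$sample/agents")"
echo "hidden .mdworker processes: $(sample_process_list | count_hidden_mdworker)"
rm -rf "$sample"
```

Running the demo reports two file indicators and one hidden .mdworker process. The separate count for the dotted process name matters because the post's point is that the malware hides behind a name one character away from a legitimate Spotlight process; a check that matched on "mdworker" as a substring would flag every healthy Mac.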
kunjar Posted March 17, 2012

As a Windows user, it's always nice to see malware on OSX
Frosticles Posted March 19, 2012

Mac fanboys are always saying that they don't have viruses, they are so wrong...