OS X Trojan Horse Sends Files to Remote Servers

by ServerWatch Staff

The malware does not appear to work very well, since it never receives instructions from the remote server.

While MacDefender or one of its variants is the best-known OS X malware, a new Trojan horse for OS X has surfaced that tries to steal users' personal information. As reported on Cnet News, the malware was first seen in late July of this year and has been identified by the security firms F-Secure and Sophos as a "Trojan dropper" and a "backdoor" utility that work in tandem to install on the system.

"This Trojan downloader is the initial phase of the attack, and is a program that when run will install a backdoor utility called 'BackDoor:OSX/Imuler.A' onto the system. The downloader will also download and continually open a Chinese PDF document (aptly named 'trojan.pdf') that contains offensive political statements, which apparently is an attempt to distract the user and disguise the installation of the backdoor malware.

"When the backdoor is installed, it will set up a launch agent on the system that is used to continually keep the malware active on the system. It will then connect to a remote server and send the system's current username and MAC address to the server, after which the server will instruct it to either archive files and upload them, or take screenshots and upload them to the server."
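The persistence mechanism quoted above (a launch agent that keeps the backdoor running) is something a defender can audit. The script below is an added example, not code from the article, Cnet, F-Secure or Sophos: it parses macOS LaunchAgent property lists and flags entries that keep a program outside the usual system or application locations (or under a hidden directory) running at login. The two sample plists are constructed for illustration; their labels and paths are hypothetical and are not indicators from the real malware.

```python
"""Audit macOS launch agents for persistence entries worth a closer look.

Added example. Sample plists are constructed; the real malware's label
and install path are not known from the article and are not used here.
"""
import plistlib
from pathlib import Path

# Directories launchd reads per-user and system-wide agents from
LAUNCH_AGENT_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
]

# Program locations that are normally legitimate; anything else merits review
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/",
                    "/Applications/", "/Library/Apple/")


def inspect_launch_agent(plist_bytes: bytes) -> dict:
    """Return the launched program and whether the entry looks suspicious."""
    plist = plistlib.loads(plist_bytes)
    # launchd accepts either a Program string or ProgramArguments[0]
    program = plist.get("Program") or (plist.get("ProgramArguments") or [None])[0]
    # RunAtLoad/KeepAlive is how an agent is kept continually active
    persistent = bool(plist.get("RunAtLoad")) or bool(plist.get("KeepAlive"))
    untrusted_path = program is not None and not program.startswith(TRUSTED_PREFIXES)
    hidden_component = program is not None and any(
        part.startswith(".") for part in Path(program).parts)
    return {
        "label": plist.get("Label"),
        "program": program,
        "persistent": persistent,
        "suspicious": persistent and (untrusted_path or hidden_component),
    }


def scan_launch_agents(dirs=LAUNCH_AGENT_DIRS) -> list:
    """Walk the launch agent directories and collect suspicious entries."""
    findings = []
    for directory in dirs:
        if not directory.is_dir():
            continue
        for path in directory.glob("*.plist"):
            try:
                info = inspect_launch_agent(path.read_bytes())
            except Exception as exc:  # a malformed plist is itself worth noting
                findings.append({"file": str(path), "error": str(exc)})
                continue
            if info["suspicious"]:
                info["file"] = str(path)
                findings.append(info)
    return findings


# Constructed sample: agent pointing at a hidden path in a home directory
SUSPICIOUS_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.updater</string>
    <key>ProgramArguments</key>
    <array><string>/Users/alice/.hidden/updater</string></array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Constructed sample: agent launching a binary from a trusted system location
BENIGN_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.systemhelper</string>
    <key>Program</key><string>/usr/libexec/example_helper</string>
    <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    for sample in (SUSPICIOUS_SAMPLE, BENIGN_SAMPLE):
        print(inspect_launch_agent(sample))
    for finding in scan_launch_agents():
        print(finding)
```

Run on a live machine, `scan_launch_agents()` lists every agent whose program sits outside the trusted prefixes; treat the output as a triage list rather than a verdict, since third-party software legitimately installs agents under user directories too.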

Read the Full Story at Cnet News

This article was originally published on Monday Sep 26th 2011