Backdoor.OSX.iWorm.f (Kaspersky), OSX/iWorm (McAfee), Mac.OSX.iWorm.C (F-Secure), Mac.OSX.iWorm.C (BitDefender), OSX/Iservice.AG (ESET), OSX.Luaddit (Symantec)
Mac OSX
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes commands from a remote malicious user, effectively compromising the affected system.
Arrival Details
This malware arrives via the following means:
Installation
This backdoor drops the following files:
Backdoor Routine
This backdoor executes the following commands from a remote malicious user:
Information Theft
This backdoor gathers the following data:
NOTES:
This malware queries the site Reddit to retrieve the list of command-and-control servers from posts:
The list of C&C servers is posted below: