OSX_MUSMINIM.A
Mac OS X
Threat Type: Backdoor
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This backdoor is noteworthy because this is the new and currently under development remote administration tool (RAT) for MAC OS X platforms.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This OSX malware has a Windows counterpart, which Trend Micro detected as BKDR_MUSMINIM.A.
This is a remote administration tool (RAT) that has specific capabilities.
This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.
TECHNICAL DETAILS
Varies
Other
Yes
26 Feb 2011
Compromises system security, Displays a fake graphical user interface (GUI)
Arrival Details
This backdoor may be unknowingly downloaded by a user while visiting malicious websites.
It may be manually installed by a user.
NOTES:
Based on analysis of the codes, it has the following capabilities:
- Execute remote shell commands
- Show a URL using the default browser of the affected system
- Force the user to input login credentials
- Shutdown the remote computer
- Restart the remote computer
- Put the system into sleep mode
- Send a message
- Create a text file on the desktop
- Display a window with a message from the attacker that can only be removed by rebooting
- Display the following graphical user interface (GUI):
SOLUTION
8.900
7.864.05
28 Feb 2011
7.865.00
28 Feb 2011
Scan your computer with your Trend Micro product to delete files detected as OSX_MUSMINIM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.