- Threat Encyclopedia
- Malware
- OSX_EXPLOIT.B
OSX/CallMe.C trojan (NOD32), MACOS/CVE2009-0563.C (Antivir), OSX/Agent.AADL (Fortinet), OSX/Agent-AADL (Sophos)
Mac OS X
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware.
It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.
It gathers certain information on the affected computer.
108,220 bytes
Other
Yes
30 Apr 2013
Arrival Details
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It may be dropped by the following malware:
Installation
This backdoor drops the following component file(s):
Backdoor Routine
This backdoor executes the following commands from a remote malicious user:
It connects to the following websites to send and receive information:
Information Theft
This backdoor gathers the following information on the affected computer:
Stolen Information
This backdoor saves the stolen information in the following file:
NOTES:
Its communication with the Command-and-Control (C&C) server is encrypted with AES key 12345678
9.300
9.888.04
30 Apr 2013
9.889.00
30 Apr 2013
Step 1
Remove the malware/grayware file that dropped/downloaded OSX_EXPLOIT.B
Step 2
Search and delete these files
Step 3
Scan your computer with your Trend Micro product to delete files detected as OSX_EXPLOIT.B. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.