- OSX_IWORM.A
Backdoor.OSX.iWorm.f (Kaspersky), OSX/iWorm (McAfee), Mac.OSX.iWorm.C (F-Secure), Mac.OSX.iWorm.C (BitDefender), OSX/Iservice.AG (ESET), OSX.Luaddit (Symantec)
Mac OSX
Downloaded from the Internet, Dropped by other malware
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes commands from a remote malicious user, effectively compromising the affected system.
Varies
Mach-O
Yes
06 Oct 2014
Connects to URLs/IPs
Arrival Details
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This malware arrives via the following means:
Installation
This backdoor drops the following files:
Backdoor Routine
This backdoor executes the following commands from a remote malicious user:
Information Theft
This backdoor gathers the following data:
NOTES:
This malware queries the site Reddit to retrieve the list of command-and-control servers from posts:
The list of C&Cs is posted below:
9.700
11.194.04
06 Oct 2014
11.195.00
07 Oct 2014