DevilRobber Mac OS X Trojan horse spies on you, uses GPU for Bitcoin mining


illumination

Thread author
Spread via torrents, new Mac malware doesn't just try to rob you of your information - it's also keen to steal your computing time.
 

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
Now the antivirus vendors who offer a version for Mac should also start to focus on that OS to keep its customers protected :(
 

Valentin N

Level 2
Feb 25, 2011
1,314
WinAndLinuxTutorials said:
Now the antivirus vendors who offer a version for Mac should also start to focus on that OS to keep its customers protected :(

It's also important that Mac tells its users.
 

AyeAyeCaptain

Level 1
Feb 24, 2011
585
Valentin N said:
WinAndLinuxTutorials said:
Now the antivirus vendors who offer a version for Mac should also start to focus on that OS to keep its customers protected :(

It's also important that Mac tells its users.

That they've been exploited in more ways than one?? LOL £££
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
This is just the proof that Mac OS X isn't invulnerable to malware. I'm speculating that more malware for Mac OS X will come this year.
 

AyeAyeCaptain

Level 1
Feb 24, 2011
585
If it does then it can only benefit the providers of security software, as more and more people will want to pay to be protected.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Seems a scary trojan. Let's expect that in the future the chart of how many viruses spread on Mac OS X will be tied up with Windows.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
DevilRobber.A : Mac OS X with backdoor and trojan-like capabilities

F-Secure Labs has recently analyzed DevilRobber.A, a Mac OS X malware that has both backdoor and trojan-like capabilities. All the samples we've collected so far were from torrents uploaded by a single user account on The Pirate Bay website:

[Image: devilrobber_tpb.png, screenshot of the uploader's account on The Pirate Bay]

The files shared were legitimate Mac applications, but modified to include the malware's components. The samples we got had some variations in the components, which means that some samples (variants) had additional functionalities.

It seems that the malware author had varying purposes for each of his creations. One variant steals the Keychain of the infected machine and logs the number of files on the system with names matching the string "pthc" — which Graham Cluley speculates may be referring to "pre-teen hardcore pornography". It appears as though the malware author is trying to find illegal child abuse materials, by spotting which infected machine has the most pornography and using its credentials to gain access to the materials.

Other variants install applications related to Bitcoin mining. These applications use both the CPU and GPU computational power of the infected machines, which improves the mining operations at the computer owner's expense. Now that is greedy!

Below is a summary of the differences between the variants we've found as of this writing:

[Image: devilrobber_variants.png, summary table of the differences between the variants, including the Port Mapping column referenced below]

In addition, all the variants we've seen log the number of files that match a certain set of criteria, and also steal the Terminal command history and Bitcoin wallet. All variants also perform the following:

• Opens a port where it listens for commands from a remote user.
• Installs a web proxy which can be used by remote users as a staging point for other attacks.
• Steals information from the infected machine and uploads the details to an FTP server for later retrieval.

Even here, there are differences between the variants. The specific port used by the web proxy depends on the variant (see Port Mapping column in the table above). The specific FTP server for data stealing also varies between samples. And DevilRobber's data stealing routine is repeated on a fixed interval — every 43200, 60000, or 100000 seconds, depending on the sample.

via F-Secure
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
That was a whole lot of information Jack. (Too lazy to go out and look for useful info :p)
 

win7holic

New Member
Apr 20, 2011
2,079
Yes, as I said earlier.
Mac OS X is no longer like last year or even two years ago, highly secure against malware.
But now, one by one, the authors of malware attack Mac OS X with many infections.

I miss Mac OS X being very secure against malware. :s
 

win7holic

New Member
Apr 20, 2011
2,079
Honestly, I used a Mac only briefly (1-2 months) in Q1 2010,
and then I sold it, because it's complicated to play games :(
You need Boot Camp.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, year by year we can expect more viruses to spread, so those writers give a twist to what worked on another OS to make it fully work here.

Good thing that AVs that work on Mac already existed before viruses started spreading dramatically.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
This is a very nasty piece of malware, as it harvests data from the infected machines, and it is by far the most advanced piece of malware I've seen for Mac OS X.
The removal process for this infection is not very complicated, but I'm sure these guys will create much tougher pieces of malware in the future.
F-Secure said:
Disinfection

Manual Removal Instruction:

Delete the folder and all its contents "~/Library/mdsa1331"
Delete the file "~/Library/LaunchAgents/com.apple.legion.plist"

It's important to note that for this attack to be successful, user interaction is needed, as social engineering is used to infect the machine.
I wonder how long it will take before cyber criminals start to work with Mac OS X vulnerabilities...
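The two artifacts in the F-Secure removal notes quoted above can be checked for and removed with a short script. This is an added example, not F-Secure's or MalwareTips' code; it assumes the paths are exactly as quoted (~/Library/mdsa1331 and ~/Library/LaunchAgents/com.apple.legion.plist) and takes the home directory as an argument, defaulting to $HOME.

```shell
#!/bin/sh
# Added example (not F-Secure's or MalwareTips' code). Checks a home directory
# for the two DevilRobber.A artifacts named in the F-Secure removal notes and,
# on request, unloads the launch agent and deletes both. The paths are assumed
# to match the quoted notes exactly; other variants could use different names.

DR_AGENT_REL="Library/LaunchAgents/com.apple.legion.plist"
DR_DIR_REL="Library/mdsa1331"

# devilrobber_scan [HOME_DIR]: print each artifact that is present.
# Returns 0 if nothing was found, 1 if at least one artifact exists.
devilrobber_scan() {
    home="${1:-$HOME}"
    found=0
    if [ -f "$home/$DR_AGENT_REL" ]; then
        echo "FOUND persistence plist: $home/$DR_AGENT_REL"
        found=1
    fi
    if [ -d "$home/$DR_DIR_REL" ]; then
        echo "FOUND payload directory: $home/$DR_DIR_REL"
        found=1
    fi
    return "$found"
}

# devilrobber_clean [HOME_DIR]: stop the agent (macOS only), then delete both.
devilrobber_clean() {
    home="${1:-$HOME}"
    agent="$home/$DR_AGENT_REL"
    if [ -f "$agent" ]; then
        # Unload the job first so launchd does not keep the payload running
        # after its plist disappears; launchctl exists only on macOS.
        if command -v launchctl >/dev/null 2>&1; then
            launchctl unload "$agent" 2>/dev/null || true
        fi
        rm -f "$agent"
    fi
    rm -rf "$home/$DR_DIR_REL"
}

# Usage: sh devilrobber_check.sh scan|clean [HOME_DIR]
case "${1:-}" in
    scan)  devilrobber_scan "$2" ;;
    clean) devilrobber_clean "$2" && echo "Cleaned; run 'scan' again to confirm." ;;
esac
```

Run `scan` first; a non-zero exit status means at least one of the two quoted artifacts is present.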
 