Advice Request Vermetus - a Mac worm? Trojan? Adware?


amaet

New Member
Thread author
Jun 22, 2018
1
Many of you are surely familiar with the recent infection of the Transmission app by KeRanger ransomware, but it turns out it might not be the only one infected. Yesterday I downloaded BitTorrent, and when I fired it up nothing happened, which was a bit worrying. I tried scanning the app with G Data, and the scanning process kept freezing on an executable file called Vermetus, within the contents of the app. It all made me suspicious, but nothing really happened outside of that - none of my files got encrypted or deleted. Still, just in case it's a backdoor trojan or something, since I'm paranoid I wiped my disc clean and reinstalled the system. The weirdest thing is I cannot find ANY information online on that thing. I can see from Google suggestions that people googled it as well, but I only get links to general articles on Mac malware or the Transmission debacle, none of which mention Vermetus. It kept me up at night actually, and I just had to get up and post about it on a forum somewhere (hence it's 5 am here lol). And just now as I'm typing this my G Data got an update. I tried mounting the disc image to get some screenshot of the app info, but now G Data recognized it as malware and ejected the image:

Screen Shot 2018-06-23 at 05.13.22.png


By the way, Vermetus is a species of sea snail whose shell is reminiscent of a worm; in fact, the snail is commonly called worm snail. So initially when looking at that name I thought it's just a clever name for a shell, until I got to that worm part... either way, the maker of this program must be a giant nerd.

So anyway, I'm interested in knowing what's up with that thing and just how malicious it really is, but I don't know anything about checking things like this, so I'm looking for someone who knows stuff to look into it.
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
@Opcode was always the best IMO when needed to dig deeper into things like this, but of course there are others here on MT that more than well enough would and could investigate it. I agree it lacks information, but hybrid-analysis and VirusTotal (VT) seem to have one reference almost 6 months ago about a Java Trojan that I believe could be it, but how correct that actually is I'd rather let someone else evaluate.

I did an updated scan on VT and now a few more vendors (13 out of 60) seem to find it, but I would suggest you submit the file to some other AV vendors than G-Data first just to be sure it's actually the same one. More discussion about this should then IMO be moved into: Malware Analysis

Submit to:

Dr.Web — innovative anti-virus technologies. Comprehensive protection from Internet threats.
Kaspersky VirusDesk
Emsisoft | Submit a Suspicious File
Submit A Sample | F-Secure Labs

Don't forget to add an email so you can get the information you need.
 