
OSX.Ransomcrypt


First posted on 10 November 2015.
Source: Symantec

Aliases :

There are no other names known for OSX.Ransomcrypt.

Explanation :

Once executed, the Trojan copies itself to the following location:
$HOME/Desktop/mabouia_Decrypter

Next, the Trojan encrypts files found in the following directory:
$HOME/Desktop/ransom

The Trojan then creates and opens the following .txt file:
$HOME/Desktop/READ-Me.txt

The .txt file contains a ransom note.



The Trojan also connects to the following remote location:
creativecode.com.br

Last update 10 November 2015

 
