
Application.OSX.Cosmac.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Application.OSX.Cosmac.A is also known as OSX/Cosmac.a.

Explanation :

The application is a proof of concept designed to show new ways to attack Mac OS X.

The file is copied to "/Library/InputManagers/". This directory is used to deploy input servers for use with the Cocoa text input management system. Once copied into that directory, the file is loaded by all newly created processes.

Once loaded, it tries to create the file "/tmp/macrocosm" and set its attributes to executable. If the file is already present, the application has already been started, so it returns to the host.

It opens a random (harmless) internet webpage from a predefined list containing:
* http://www.digitalmunition.com;
* http://www.symantec.com/nav/nav_mac;
* http://www.sophos.com/products/es/endpoint/sav-mac.html;
* http://www.intego.com/virusbarrier;
* http://www.clamxav.com;
* http://www.mcafee.com/enterprise/products/anti_virus/file_servers_desktops/virex.htm;
* http://docs.info.apple.com/article.html?artnum=61798;
* http://www.securityfocus.com.
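
A defender-side triage check for the two on-disk artifacts described above, added here as an example; it is not BitDefender's code or part of the original entry. The function name and the optional root-prefix argument (for checking a mounted image or test tree instead of the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the on-disk artifacts named in this entry.
# check_cosmac_indicators and its ROOT argument are hypothetical names.
#
# Usage:
#   check_cosmac_indicators                 # live system
#   check_cosmac_indicators /Volumes/image  # mounted copy of a disk
#
# Prints one line per finding.
# Returns 0 when nothing is found, 1 when any indicator is present.
check_cosmac_indicators() {
    root="${1:-}"
    im_dir="$root/Library/InputManagers"
    marker="$root/tmp/macrocosm"
    found=0

    # Anything placed in InputManagers is loaded by newly created
    # processes, so list every entry (hidden ones included) for review
    # rather than matching on one file name.
    if [ -d "$im_dir" ]; then
        for entry in "$im_dir"/* "$im_dir"/.[!.]*; do
            # Skip unmatched glob patterns; keep dangling symlinks.
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            echo "input-manager: $entry"
            found=1
        done
    fi

    # Marker file the sample creates and marks executable once loaded.
    if [ -e "$marker" ]; then
        if [ -f "$marker" ] && [ -x "$marker" ]; then
            echo "marker: $marker (regular file, executable)"
        else
            echo "marker: $marker (present, attributes differ)"
        fi
        found=1
    fi

    return "$found"
}
```

A non-empty InputManagers directory is not proof of infection on its own, since legitimate input servers are deployed there as well; treat each listed entry as something to review.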

Last update 21 November 2011

 
