MAC.OSX.Trojan.Krowi.A


First posted on 21 November 2011.
Source: BitDefender

Aliases:

MAC.OSX.Trojan.Krowi.A is also known as Backdoor.OSX.iWorm.a, Mac.Iservice, OSX.Iservice, Backdoor:MACOS_X/Iservice, OSX_KROWI.A.

Explanation:

This malware comes bundled with a modified version of the iWork installer available on illegal torrent sites and is installed at the same time as the original software. Because the installer needs the administrator password, the malware also runs as an administrator.

Once launched, it will:
* check whether it is running with administrator rights, and exit if not;
* copy itself to the "/usr/bin" directory under the name "iWorkServices";
* add itself to system startup so that it runs each time the computer starts;
* try to connect to two p2p servers in order to download additional malware components:
- xxx.xxx.177.146 (port 59201)
- xxxxxxxx.freehostia.com (port 1024).
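
A triage check for the indicators listed above, added here as an example and not part of the BitDefender write-up. It looks for the dropped file under a chosen root and scans connection records for the two peers; the "destination port" record format, the function names and the sample values are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators from the write-up above. The address and host name are masked on
# the page, so the masked parts are matched as wildcards, never filled in.
DROPPED_FILE = Path("usr/bin/iWorkServices")
MASKED_IP = re.compile(r"^\d{1,3}\.\d{1,3}\.177\.146$")
MASKED_HOST = re.compile(r"^[^.]+\.freehostia\.com$", re.IGNORECASE)
IP_PORT, HOST_PORT = 59201, 1024

def check_dropped_file(root):
    """Report the backdoor copy if it exists under root ("/" or a mounted image)."""
    target = Path(root) / DROPPED_FILE
    return [f"file present: /{DROPPED_FILE}"] if target.is_file() else []

def check_connections(lines):
    """Scan 'destination port' records (assumed log format) for the two peers."""
    findings = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue  # skip malformed records
        dest, port = parts[0], int(parts[1])
        if MASKED_IP.match(dest) and port == IP_PORT:
            findings.append(f"line {n}: {dest}:{port} fits the masked address")
        elif MASKED_HOST.match(dest) and port == HOST_PORT:
            findings.append(f"line {n}: {dest}:{port} fits the masked host name")
    return findings

# Constructed sample records, not real traffic.
SAMPLE_CONNECTIONS = [
    "10.0.177.146 59201",
    "10.0.177.146 443",
    "placeholder.freehostia.com 1024",
    "www.example.org 1024",
    "truncated-record",
]

def demo():
    """Build a throwaway root holding an empty stand-in file and triage it."""
    with tempfile.TemporaryDirectory() as root:
        target = Path(root) / DROPPED_FILE
        target.parent.mkdir(parents=True)
        target.write_bytes(b"")  # empty placeholder, not the malware
        return check_dropped_file(root) + check_connections(SAMPLE_CONNECTIONS)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the published indicators are masked, both network patterns are broad: a hit is a lead to investigate alongside the file check, not a confirmation.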

Last update 21 November 2011

 
