SecurityHome.eu MAC.OSX.Trojan.Krowi.A

Home / malware PDF

MAC.OSX.Trojan.Krowi.A

First posted on 21 November 2011.
Source: BitDefender
Aliases :
MAC.OSX.Trojan.Krowi.A is also known as Backdoor.OSX.iWorm.a, Mac.Iservice, OSX.Iservice, Backdoor:MACOS_X/Iservice, OSX_KROWI.A.
Explanation :
This malware comes bundled with a modified version of iWork installer available on illegal torrent sites and will get installed at the same time as the original software. Because the installer needs administrator password the malware will also run as an administrator.

Once launched it will:
* check if it's running with administrator rights and will exit if not;
* copy itself in "/usr/bin" directory with "iWorkServices" name;
* add itself to system startup as to run each time computer start;
* try to connect to two p2p servers in order to download additional malware components:
- xxx.xxx.177.146 (port 59201)
- xxxxxxxx.freehostia.com (port 1024).
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Trojan:W32/Qhost.JE
Trojan-Downloader:HTML/Agent.DY
Trojan.Cidox!kmem
Trojan.Ransomlock!g75
Trojan.Klovbot!gen2
Trojan.Poweliks!gm
Trojan.Shylock!gen9
Trojan-Dropper:W32/Agent.CMW
Trojan-Downloader:W32/Agent.TPF
Trojan:SymbOS/Bootton.I