
OSX.Codgost


First posted on 19 September 2015.
Source: Symantec

Aliases:

There are no other names known for OSX.Codgost.

Explanation:

The Trojan may arrive on the compromised computer through a modified Xcode installer obtained from an unofficial source.

The Trojan may create the following files on the compromised computer:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/Library/Frameworks/CoreServices.framework/CoreServices
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/Library/Frameworks/CoreServices.framework/CoreServices

When Xcode installed from the modified installer is used to build an application, the Trojan ensures that the resulting application contains code to steal information from the compromised computer.

The Trojan may steal the following information from the compromised computer:
Application bundle identifier
Current time
Operating system version
Language used
Device name
Device type
Device UUID
Country code

The Trojan may send the stolen information to the following location using HTTP POST:
[http://]init.icloud-analysis.com
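
Added example (not part of the Symantec write-up): a shell triage check built from the two file paths and the host name listed above. The function names, the optional alternate Xcode path, and the assumption that the host name is stored as a plain string in a built binary are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage helpers built from the indicators in this write-up.
# Function names and the alternate-root argument are assumptions.

# Host from the write-up that receives the HTTP POST.
CODGOST_HOST='init.icloud-analysis.com'

# check_xcode [XCODE_APP]
# Prints "FOUND <path>" for each file from the write-up that exists under the
# given Xcode bundle (default /Applications/Xcode.app).
# Returns 0 if at least one file is present, 1 if none are.
check_xcode() {
    root=${1:-/Applications/Xcode.app}
    found=0
    for platform in iPhoneSimulator iPhoneOS; do
        f="$root/Contents/Developer/Platforms/$platform.platform/Developer/SDKs/Library/Frameworks/CoreServices.framework/CoreServices"
        if [ -e "$f" ]; then
            printf 'FOUND %s\n' "$f"
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}

# scan_build PATH
# Lists files under PATH (an .app bundle, an extracted .ipa, a build directory)
# that contain the host name as a fixed string.
# Assumption: the string is not obfuscated; a clean result is not proof of absence.
# Returns 0 if any file matches, 1 otherwise.
scan_build() {
    hits=$(grep -rlF -- "$CODGOST_HOST" "$1" 2>/dev/null) || return 1
    printf '%s\n' "$hits" | sed 's/^/HOST-REF /'
}

# Usage (after sourcing this file):
#   check_xcode                      # default install location
#   check_xcode /Volumes/Xcode/Xcode.app
#   scan_build ./build/Release-iphoneos/MyApp.app
```

Both functions follow the grep convention: exit status 0 means an indicator was found.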

Last update 19 September 2015

 
