
Backdoor:MacOS/Longage.A


First posted on 11 July 2012.
Source: Microsoft

Aliases:

Backdoor:MacOS/Longage.A is also known as Backdoor.OSX.MaControl.b (Kaspersky), MACOS/MaControl.A.1 (Avira), OSX/MacKontrol.A trojan (ESET), Backdoor.Macos (Ikarus), OSX/BackDoor (McAfee), OSX/Bckdr-RLG (Sophos), OSX.MaControl (Symantec).

Explanation:

Backdoor:MacOS/Longage.A is a backdoor trojan that allows an unauthorized user to access and control your computer. The trojan is a fat (multi-architecture) Mach-O binary and therefore contains code for two architectures: PowerPC (supported by a variety of operating systems, including Mac OS) and i386 (supported by certain versions of Mac OS).
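For triage it is useful to confirm from the file header which architectures a fat Mach-O carries, as the description above does for this sample. The following is an added example written for this page (it is not code from Microsoft or from the trojan): it parses the fat header, which is a big-endian magic value followed by a count of `fat_arch` entries, each holding cputype, cpusubtype, offset, size and alignment. The two-slice sample header is constructed inline, and the upper bound on the slice count is an assumed heuristic used to tell a fat binary from a Java class file, which shares the same magic bytes.

```python
"""List the architecture slices in a fat (universal) Mach-O header.

Added example for this page; the sample header below is constructed,
not taken from the trojan.
"""
import struct

FAT_MAGIC = 0xCAFEBABE          # big-endian magic at offset 0 of a fat Mach-O
CPU_ARCH_ABI64 = 0x01000000     # flag bit marking a 64-bit cputype
CPU_TYPE_I386 = 7
CPU_TYPE_POWERPC = 18
CPU_NAMES = {
    CPU_TYPE_I386: "i386",
    CPU_TYPE_POWERPC: "ppc",
    CPU_TYPE_I386 | CPU_ARCH_ABI64: "x86_64",
    CPU_TYPE_POWERPC | CPU_ARCH_ABI64: "ppc64",
}
# Assumed heuristic: Java .class files also start with CAFEBABE, but their
# next 32 bits are the class-file version (45 or more), far above any real
# slice count, so an oversized count is treated as "not a fat binary".
MAX_REASONABLE_ARCHES = 30
FAT_ARCH_SIZE = 20              # five big-endian uint32 fields per slice


def parse_fat_header(data: bytes):
    """Return one dict per architecture slice, or raise ValueError."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, nfat_arch = struct.unpack(">II", data[:8])
    if magic != FAT_MAGIC:
        raise ValueError("not a fat Mach-O (magic %#x)" % magic)
    if nfat_arch == 0 or nfat_arch > MAX_REASONABLE_ARCHES:
        raise ValueError("implausible nfat_arch %d (Java class file?)" % nfat_arch)
    if len(data) < 8 + nfat_arch * FAT_ARCH_SIZE:
        raise ValueError("truncated fat_arch table")
    slices = []
    for i in range(nfat_arch):
        off = 8 + i * FAT_ARCH_SIZE
        cputype, cpusubtype, offset, size, align = struct.unpack(
            ">IIIII", data[off:off + FAT_ARCH_SIZE])
        slices.append({
            "arch": CPU_NAMES.get(cputype, "cputype_%#x" % cputype),
            "cputype": cputype,
            "cpusubtype": cpusubtype,
            "offset": offset,
            "size": size,
            "align": 1 << align,    # stored as a power of two in the header
        })
    return slices


def is_fat_macho(data: bytes) -> bool:
    """True when the data starts with a plausible fat Mach-O header."""
    try:
        parse_fat_header(data)
        return True
    except ValueError:
        return False


def arch_summary(data: bytes) -> str:
    """Comma-separated architecture names, e.g. 'ppc, i386'."""
    return ", ".join(s["arch"] for s in parse_fat_header(data))


def build_sample_fat_header() -> bytes:
    """Constructed sample: a ppc + i386 header with dummy offsets and sizes."""
    hdr = struct.pack(">II", FAT_MAGIC, 2)
    hdr += struct.pack(">IIIII", CPU_TYPE_POWERPC, 0, 4096, 20000, 12)
    hdr += struct.pack(">IIIII", CPU_TYPE_I386, 3, 28672, 18000, 12)
    return hdr


if __name__ == "__main__":
    print(arch_summary(build_sample_fat_header()))   # ppc, i386
```

To run this against a real file, pass the first few hundred bytes of the file (for example `open(path, "rb").read(4096)`) to `parse_fat_header`; a sample that lists `ppc` and `i386` matches what the description above says about this trojan.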



Installation

Backdoor:MacOS/Longage.A copies itself as the following:

/Library/launched

To make sure that it runs automatically on your computer, Backdoor:MacOS/Longage.A installs a launchd property list file in the "LaunchAgents" folder as follows:

~/Library/LaunchAgents/com.apple.FolderActionsxl.plist

This property list file states that the backdoor runs only once, when you log in.
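The persistence mechanism described above (a LaunchAgents plist with an Apple-looking label, pointing at a loose executable dropped directly in /Library, set to run at login) is something a defender can check for mechanically. The following is an added example written for this page, not Microsoft's or the trojan's code: it parses a launchd property list and reports findings based on two assumed heuristics, a `com.apple.*` label whose program is outside Apple's own system paths, and a program that is a bare file directly in a Library folder. The sample plists are constructed inline; the label and path in the suspicious one are the ones named on this page.

```python
"""Triage launchd agent property lists for the persistence pattern
described above. Added example; heuristics are assumptions, not
Microsoft's detection logic.
"""
import os
import plistlib
import re

# Assumption: genuine com.apple.* launchd jobs run programs from these roots.
APPLE_PROGRAM_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/")
APPLE_LABEL_RE = re.compile(r"^com\.apple\.")
# A bare file directly inside /Library or a user's Library folder, with no
# bundle or subfolder, e.g. /Library/launched.
LOOSE_LIBRARY_FILE_RE = re.compile(r"^(/Library|/Users/[^/]+/Library|~/Library)/[^/]+$")


def program_of(job: dict):
    """Executable a launchd job runs, from Program or ProgramArguments[0]."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def triage_launch_agent(plist_bytes: bytes):
    """Return a list of findings (empty means nothing suspicious was seen)."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception as exc:          # a malformed plist is itself worth a look
        return ["unparseable plist: %s" % exc]
    if not isinstance(job, dict):
        return ["plist root is not a dictionary"]
    label = job.get("Label", "")
    program = program_of(job)
    if program is None:
        return ["no Program or ProgramArguments key"]
    findings = []
    if APPLE_LABEL_RE.match(label) and not program.startswith(APPLE_PROGRAM_PREFIXES):
        findings.append("Apple-style label %r runs a program outside Apple paths: %s"
                        % (label, program))
    if LOOSE_LIBRARY_FILE_RE.match(program):
        findings.append("program is a loose file directly in a Library folder: %s" % program)
    # RunAtLoad is the launchd key that makes a job run once at login; note
    # it only when something else already looks wrong.
    if findings and job.get("RunAtLoad") is True:
        findings.append("job runs automatically at login (RunAtLoad)")
    return findings


def scan_launch_agents(directory: str):
    """Triage every .plist in a LaunchAgents folder; returns {path: findings}."""
    results = {}
    for entry in os.scandir(os.path.expanduser(directory)):
        if entry.is_file() and entry.name.endswith(".plist"):
            with open(entry.path, "rb") as fh:
                results[entry.path] = triage_launch_agent(fh.read())
    return results


# Constructed samples: the first mirrors the label and path named on this
# page, the second is a benign-looking third-party agent.
SAMPLE_SUSPICIOUS = plistlib.dumps({
    "Label": "com.apple.FolderActionsxl",
    "ProgramArguments": ["/Library/launched"],
    "RunAtLoad": True,
})
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
    "RunAtLoad": True,
})

if __name__ == "__main__":
    for line in triage_launch_agent(SAMPLE_SUSPICIOUS):
        print("SUSPICIOUS:", line)
    print("benign findings:", triage_launch_agent(SAMPLE_BENIGN))
```

On a live machine, `scan_launch_agents("~/Library/LaunchAgents")` walks the per-user folder the description names; any plist with findings deserves a look at the referenced program, and an empty result only means these two heuristics did not fire.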

Distributed via

Malicious Microsoft Word documents

Backdoor:MacOS/Longage.A has been observed embedded in specially crafted Microsoft Word documents that exploit a known vulnerability. The vulnerability was resolved with the release of Microsoft Security Bulletin MS09-027. The malicious Word document is detected as Exploit:MacOS_X/MS09-027.A.



Payload

Allows backdoor access and control

Backdoor:MacOS/Longage.A connects to a certain IP address via a specific port indicated in its code. Once connected, Backdoor:MacOS/Longage.A sends the following information about your computer:

  • Operating system version
  • Physical RAM size
  • Logon name of the current user


The connection also allows a remote unauthorized user to perform the following actions:

  • Gather information about your computer
  • Send a list of currently-running processes
  • Kill processes
  • Run or delete files
  • Receive files from, or send files to, a remote server
  • Uninstall Backdoor:MacOS/Longage.A
  • Send an Apple event to put your computer to sleep, or to restart, shut down or log out
  • Open a bash shell command prompt




Analysis by Methusela Cebrian Ferrer

Last update 11 July 2012
