SecurityHome.eu Backdoor:OSX/MacKontrol.A

Home / malware PDF

Backdoor:OSX/MacKontrol.A

First posted on 22 July 2013.
Source: F-Secure
Aliases :
There are no other names known for Backdoor:OSX/MacKontrol.A.
Explanation :
Backdoor:OSX/MacKontrol.A connects to a remote server to receive further instructions, without the knowledge or permission from the user.

Technical Details
Arrival

MacKontrol.A is dropped into the system by malicious Word documents that exploit the vulnerability identified by CVE-2009-0563.

Installation

The malware drops the following copy of itself:

/Library/launched

It creates the following launchpoint for the file above:

~/Library/LaunchAgents/com.apple.FolderActionsxl.plist

Payload

The malware connects tofreetibet2012[...].xicp.com[...] to obtain additional commands.

It is capable of performing the following actions:

Deleting files Terminating processes Getting system info, such as system version, username, hostname, etc. Getting process lists Opening remote shell Listing files Uploading, downloading and executing files Removing launchpoint
Last update 22 July 2013

TOP

Malware :

Last 20

Family:

Backdoor:OSX/MacKontrol.A