Allow F-Secure Anti-Virus for Mac to remove the relevant files.
Protect your Mac against threats with F-Secure Anti-Virus for Mac.
Backdoor:OSX/Imuler.A may be variously dropped or installed onto a system by variants in the Trojan-Dropper:OSX/Revir family.
Upon execution, the backdoor drops a copy of itself to the following location:
It creates the following launch point:
It also creates the following file, containing its Command and Control, or C&C, server:
Network ConnectionsThe malware downloads a command line tool from the external site
The downloaded file is then saved as:
The malware obtains the external IP address and current time by connecting to the following URLs:
It collects system information, then uploads the collected information to the following location:
Collected information includes the following:
The malware then makes a HTTP POST request containing the %botid% to the following URLs, presumably to report that the infected host is ready to receive commands:
The malware contacts a remote server (the C&C server) to get its instructions. The URL is based on the following formula:
Depending on the instructions received, the backdoor is capable of performing the following actions:
After receiving the commands, the malware makes a HTTP HEAD request the to following URL, presumably to report that the infected host has successfully receive the commands: