Threat Description

Backdoor:OSX/Olyx.A

Details

Aliases: MAC.OSX.Backdoor.Olyx.A
Category: Malware
Type: Backdoor
Platform: OSX

Summary



Backdoor:OSX/Olyx.A connects to a remote server to receive further instructions without the user's knowledge or permission.



Removal



Manual Removal

  • Open Activity Monitor, select startp and click Quit Process
  • Open Terminal, then execute the following:
    • sudo rm -f "/Library/Application Support/google/startp"
    • sudo rm -f ~/Library/LaunchAgents/www.google.com.tstart.plist
    • sudo rm -f /tmp/google.tmp


Technical Details



On installation, the malware drops and executes the following:

  • /Library/Application Support/google/startp

This component connects to a hard-coded IP address (located in Korea) to get additional commands.

Additional

The following launchpoint is created for the dropped file:

  • ~/Library/LaunchAgents/www.google.com.tstart.plist

The trojan also replaces the following file with a copy of itself:

  • /tmp/google.tmp
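
A read-only check for the artifacts and process name listed above, usable before and after the manual removal. This is an added example, not F-Secure's tooling; the function names olyx_scan and olyx_count and the optional root-prefix argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: report which Olyx.A artifacts named in this description exist.
# Nothing is deleted. The optional argument is a path prefix (an assumption of
# this example) so the check can be pointed at a copied directory tree;
# leave it empty to check the live system.

olyx_scan() {
    root="${1:-}"
    root="${root%/}"
    # System-wide artifacts: the dropped component and the replaced temp file.
    for p in "/Library/Application Support/google/startp" "/tmp/google.tmp"; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf 'FOUND %s\n' "$root$p"
        fi
    done
    # The launch point lives under ~/Library/LaunchAgents, so it is per-user:
    # check every home directory, not only that of the account running this.
    for home in "$root"/Users/* "$root/var/root"; do
        agent="$home/Library/LaunchAgents/www.google.com.tstart.plist"
        if [ -e "$agent" ] || [ -L "$agent" ]; then
            printf 'FOUND %s\n' "$agent"
        fi
    done
    return 0
}

# Number of artifacts found under the given prefix (0 means none present).
olyx_count() {
    olyx_scan "${1:-}" | grep -c '^FOUND ' || true
}

# Live-system check when run as a script.
olyx_scan "${1:-}"
# A name match alone is weak evidence; treat it as a prompt to inspect the
# process in Activity Monitor, as the removal steps describe.
if command -v pgrep >/dev/null 2>&1 && pgrep -x startp >/dev/null 2>&1; then
    echo "RUNNING process named startp"
fi
```

Run it with sudo so that other users' LaunchAgents directories are readable; no output means none of the listed artifacts were found.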




