Summary
Trojan-Dropper:OSX/Revir.B drops and executes a backdoor program detected as Backdoor:OSX/Imuler.A, while camouflaging its activity by opening a JPG file to distract the user.
Disinfection & Removal
Automatic Disinfection
Allow F-Secure Anti-Virus for Mac to remove the relevant files.
Technical Details
Trojan-Dropper:OSX/Revir.B drops a JPG file in the /tmp folder, then opens it to distract the user from noticing any other ongoing activity.
Screenshot of a JPG file dropped by Trojan-Dropper:OSX/Revir.B.
Note that the JPG file in the screenshot above is named 'trojan.jpg'. In an actual infection, the dropped JPG file uses the same name as the trojan-dropper's binary file.
Activity
In the background, the malware will drop and execute a backdoor program (detected as Backdoor:OSX/Imuler.A):
- /tmp/host
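
The following triage script is an added example, not F-Secure's code and not part of the original description. It checks for the artifacts described above: a Mach-O file at /tmp/host, JPEG files in /tmp, and executables in other folders whose file name matches one of those JPEGs. The function names, the magic-byte checks, exact file-name matching and the ~/Downloads default are assumptions of this example.

```python
import os
import struct
import sys

# Mach-O magics read big-endian: thin 32/64-bit in both byte orders, plus fat.
# 0xCAFEBABE is shared with Java class files, so treat a hit as a lead only.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker


def read_head(path, n):
    try:
        with open(path, "rb") as fh:
            return fh.read(n)
    except OSError:  # unreadable file: treat as no match
        return b""


def is_macho(path):
    head = read_head(path, 4)
    return len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS


def is_jpeg(path):
    return read_head(path, 3) == JPEG_SOI


def regular_files(directory):
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and not os.path.islink(path):
            yield name, path


def triage(tmp_dir="/tmp", search_dirs=()):
    """Report the dropped backdoor, decoy JPGs, and same-named executables."""
    host = os.path.join(tmp_dir, "host")
    decoys = {name: path for name, path in regular_files(tmp_dir) if is_jpeg(path)}
    droppers = [path for d in search_dirs for name, path in regular_files(d)
                if name in decoys and is_macho(path)]
    return {
        "backdoor": host if os.path.isfile(host) and is_macho(host) else None,
        "decoy_jpgs": sorted(decoys.values()),
        "dropper_candidates": droppers,
    }


if __name__ == "__main__":
    dirs = sys.argv[1:] or [os.path.expanduser("~/Downloads")]
    print(triage("/tmp", [d for d in dirs if os.path.isdir(d)]))
```

A hit is a lead for further analysis rather than a verdict: /tmp is cleared on reboot, and unrelated JPEG files or a benign file named host can also appear there.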