

Trojan-Dropper:OSX/Revir.B


Aliases:


Trojan-Dropper:OSX/Revir.B

Malware
Trojan-Dropper
OSX

Summary

Trojan-Dropper:OSX/Revir.B drops and executes a backdoor program detected as Backdoor:OSX/Imuler.A, while camouflaging its activity by opening a JPG file to distract the user.



Disinfection & Removal


Automatic Disinfection

Allow F-Secure Anti-Virus for Mac to remove the relevant files.



Technical Details

Trojan-Dropper:OSX/Revir.B drops a JPG file in the /tmp folder, then opens it to distract the user from noticing any other ongoing activity.

Screenshot of a JPG file dropped by Trojan-Dropper:OSX/Revir.B.

Note that the JPG file in the screenshot above uses the name 'trojan.jpg'. The JPG file will actually use the same name as the trojan-dropper's binary file.


Activity

In the background, the malware will drop and execute a backdoor program (detected as Backdoor:OSX/Imuler.A):

  • /tmp/host
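A triage check for the two artifacts described above, added here as an example; it is not F-Secure's code. The function names are hypothetical, and treating the backdoor at /tmp/host as a Mach-O executable is an assumption, since the description only states that it is dropped and executed.

```python
import os
import tempfile

# On-disk leading bytes of Mach-O files: thin 32/64-bit (either byte order) and fat.
MACHO_MAGICS = {b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xce",
                b"\xfe\xed\xfa\xcf", b"\xca\xfe\xba\xbe"}
JPEG_MAGIC = b"\xff\xd8\xff"


def head(path, n):
    """Return the first n bytes of a regular file, or b'' if absent/unreadable."""
    try:
        if not os.path.isfile(path):
            return b""
        with open(path, "rb") as fh:
            return fh.read(n)
    except OSError:
        return b""


def triage(tmp_dir="/tmp"):
    """Look in tmp_dir for the two artifacts the description names."""
    findings = {"backdoor_candidate": None, "jpeg_files": []}
    host = os.path.join(tmp_dir, "host")
    # Assumption: the dropped backdoor is a Mach-O executable.
    if head(host, 4) in MACHO_MAGICS:
        findings["backdoor_candidate"] = host
    # JPEGs by content, since the decoy carries the dropper's name, not a fixed one.
    for name in sorted(os.listdir(tmp_dir)):
        path = os.path.join(tmp_dir, name)
        if head(path, 3) == JPEG_MAGIC:
            findings["jpeg_files"].append(path)
    return findings


def demo():
    """Run triage over a constructed directory (placeholder bytes, not real samples)."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"host": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
                   "holiday": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
                   "notes.txt": b"plain text\n"}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        result = triage(d)
        return (os.path.basename(result["backdoor_candidate"]),
                [os.path.basename(p) for p in result["jpeg_files"]])
```

A hit is a candidate for review, not a verdict: the fat Mach-O magic is shared with Java class files, and legitimate software may also leave JPEG files in /tmp.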





