Threat Description

Trojan-Dropper:​OSX/Revir.B

Details

Aliases: Trojan-Dropper:​OSX/Revir.B, Trojan-Dropper:​OSX/Revir.B
Category: Malware
Type: Trojan-Dropper
Platform: OSX

Summary



Trojan-Dropper:OSX/Revir.B drops and executes a backdoor program detected as Backdoor:OSX/Imuler.A, while camouflaging its activity by opening a JPG file to distract the user.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus for Mac to remove the relevant files.



Technical Details



Trojan-Dropper:OSX/Revir.B drops a JPG file in the /tmp folder, then opens it to distract the user from noticing any other ongoing activity.

Screenshot of a JPG file dropped by Trojan-Dropper:OSX/Revir.B.

Note that the JPG file in the screenshot above uses the name 'trojan.jpg'. The JPG file will actually use the same name as the trojan-dropper's binary file.

Activity

In the background, the malware will drop and execute a backdoor program (detected as Backdoor:OSX/Imuler.A):

  • /tmp/host





SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Disinfect your Mac

F-Secure Anti-Virus for Mac will disinfect your Mac and remove all harmful files

Learn More