Backdoor:OSX/Iworm connects affected Mac OS X machines to a botnet and is capable of a executing a range of commands. At the time of writing, there have been no reports of the IWorm botnet being used for malicious activities.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Backdoor:OSX/Iworm is reportedly spread via pirated software downloads. Once present on a machine running the Mac OS X operating system, the malware installs a file in the Library directory and then connects to Reddit's search page.
An unusual feature of this malware and the botnet it connects to is that a specific subreddit was used to distribute the IP addresses of the botnet's command and control (C&C) servers to affected machines. The subreddit has since been cleared of this C&C-related data, and the account used to post the data was shut down.
If the affected machine does successfully connect to the botnet, it is able to carry out a range of instructions, including downloading a file, executing a system instruction and changing its own configuration file. At the time of writing, there have been no reports of the IWorm botnet being used for malicious activities.
Following public reports of the malware, Apple updated OS X's built-in XProtect component to include identification for this malware.