Backdoor:OSX/Iworm

Classification

Malware

Backdoor

OSX

Backdoor:OSX/Iworm.A, Trojan-Dropper:OSX/Iworm.A , Mac.BackDoor.iWorm, Mac.OSX.iWorm

Summary

Backdoor:OSX/Iworm connects affected Mac OS X machines to a botnet and is capable of a executing a range of commands. At the time of writing, there have been no reports of the IWorm botnet being used for malicious activities.

Removal

Automatic action

The F-Secure security product will automatically remove the file.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Backdoor:OSX/Iworm is reportedly spread via pirated software downloads. Once present on a machine running the Mac OS X operating system, the malware installs a file in the Library directory and then connects to Reddit's search page.

An unusual feature of this malware and the botnet it connects to is that a specific subreddit was used to distribute the IP addresses of the botnet's command and control (C&C) servers to affected machines. The subreddit has since been cleared of this C&C-related data, and the account used to post the data was shut down.

If the affected machine does successfully connect to the botnet, it is able to carry out a range of instructions, including downloading a file, executing a system instruction and changing its own configuration file. At the time of writing, there have been no reports of the IWorm botnet being used for malicious activities.

Following public reports of the malware, Apple updated OS X's built-in XProtect component to include identification for this malware.

Date Created: -

Date Last Modified: -