Backdoor:OSX/Olyx.A connects to a remote server to receive further instructions, without the user's knowledge or permission.
On installation, the malware drops and executes the following:
This component connects to a hard-coded IP address (located in Korea) to get additional commands.
The following launchpoint is created for the dropped file:
The trojan also replaces the following file with a copy of itself: