Threat Description

Backdoor: OSX/Olyx.A


Category: Malware
Type: Backdoor
Platform: OSX
Aliases: MAC.OSX.Backdoor.Olyx.A


Backdoor:OSX/Olyx.A connects to a remote server to receive further instructions, without the user's knowledge or permission.


Manual Removal
  • Open Activity Monitor, select startp and click Quit Process
  • Open Terminal then execute the following:
    • sudo rm -f "/Library/Application Support/google/startp"
    • sudo rm -f ~/Library/LaunchAgents/
    • sudo rm -f /tmp/google.tmp

Technical Details

On installation, the malware drops and executes the following:

  • /Library/Application Support/google/startp

This component connects to a hard-coded IP address (located in Korea) to get additional commands.


The following launchpoint is created for the dropped file:

  • ~/Library/LaunchAgents/

The trojan also replaces the following file with a copy of itself:

  • /tmp/google.tmp
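
A read-only check for the artifacts listed above, added here as an example and not part of the original description. The function names and the `ROOT`/`HOME_DIR` arguments are assumptions of this example; because the launch agent's file name is not given, plists are matched by their reference to the dropped binary.

```shell
#!/bin/sh
# Read-only triage for the OSX/Olyx.A artifacts named in this description.
# ROOT and HOME_DIR are assumptions of this example, so the same checks work
# on a live system ("/" and "$HOME") or on a mounted disk image.

# Print each dropped or replaced file from the description found under ROOT.
olyx_files() {
    root="${1%/}"
    for rel in "Library/Application Support/google/startp" "tmp/google.tmp"; do
        if [ -e "$root/$rel" ]; then
            printf '%s\n' "$root/$rel"
        fi
    done
}

# Print LaunchAgents plists under HOME_DIR that reference the dropped binary.
# The plist name is not given in the description, so match on content.
olyx_launch_agents() {
    dir="${1%/}/Library/LaunchAgents"
    [ -d "$dir" ] || return 0
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        if grep -q "google/startp" "$plist"; then
            printf '%s\n' "$plist"
        fi
    done
    return 0
}

# Run every check, including whether a process named startp is running.
olyx_triage() {
    olyx_files "$1"
    olyx_launch_agents "$2"
    if command -v pgrep >/dev/null 2>&1; then
        if pgrep -x startp >/dev/null 2>&1; then
            echo "process running: startp"
        fi
    fi
    return 0
}

olyx_triage / "${HOME:-/}"
```

No output means none of the listed artifacts were found; any plist path printed is the launch point to review before removal.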

