Home > Threat descriptions >



Category: Malware

Type: Backdoor

Aliases: MAC.OSX.Backdoor.Olyx.A


Backdoor:OSX/Olyx.A connects to a remote server to receive further instructions, without knowledge or permission from the user.


Manual Removal
  • Open Activity Monitor, select startp and click Quit Process
  • Open Terminal then execute the following:
    • sudo rm -f /Library/Application Support/google/startp
    • sudo rm -f ~/Library/LaunchAgents/www.google.com.tstart.plist
    • sudo rm -f /tmp/google.tmp
Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

On installation, the malware drops and executes the following:

  • /Library/Application Support/google/startp

This component connects to a hard-coded IP address (located in Korea) to get additional commands.


The following launchpoint is created for the dropped file:

  • ~/Library/LaunchAgents/www.google.com.tstart.plist

The trojan also replace the following file with a copy of itself:

  • /tmp/google.tmp