Backdoor:OSX/Olyx.A

Threat description

Details

Category: Malware
Type: Backdoor

Summary

Backdoor:OSX/Olyx.A connects to a remote server to receive further instructions, without knowledge or permission from the user.
Removal

Manual Removal
  • Open Activity Monitor, select startp and click Quit Process
  • Open Terminal then execute the following:
    • sudo rm -f "/Library/Application Support/google/startp"
    • sudo rm -f ~/Library/LaunchAgents/www.google.com.tstart.plist
    • sudo rm -f /tmp/google.tmp

Technical Details

On installation, the malware drops and executes the following:

  • /Library/Application Support/google/startp

This component connects to a hard-coded IP address (located in Korea) to get additional commands.

Additional

The following launchpoint is created for the dropped file:

  • ~/Library/LaunchAgents/www.google.com.tstart.plist

The trojan also replaces the following file with a copy of itself:

  • /tmp/google.tmp
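An added example, not part of the F-Secure description: a POSIX sh script that checks a Mac, or a mounted disk image, for the three file artifacts listed above and removes them with the paths correctly quoted. The volume-root and home-directory parameters are assumptions made for offline triage.

```shell
#!/bin/sh
# Added example, not from the F-Secure page: locate the Olyx.A artifacts
# named in this description. Arg 1 is the volume root ("" for the live
# system, or a mount point for an offline image); arg 2 is the user's home
# directory. Both parameters are assumptions made for this example.

# Print every artifact that exists; return 0 if any were found, 1 if none.
olyx_scan() {
  root="${1:-}"
  home="${2:-$HOME}"
  found=0
  # Paths with spaces must stay quoted, otherwise "Application Support"
  # splits into two arguments (the same pitfall as an unquoted rm).
  for p in \
    "$root/Library/Application Support/google/startp" \
    "$home/Library/LaunchAgents/www.google.com.tstart.plist" \
    "$root/tmp/google.tmp"
  do
    if [ -e "$p" ]; then
      printf 'FOUND: %s\n' "$p"
      found=$((found + 1))
    fi
  done
  [ "$found" -gt 0 ]
}

# Report whether the dropped binary is currently running (live system only).
olyx_process_running() {
  command -v pgrep >/dev/null 2>&1 && pgrep -x startp >/dev/null 2>&1
}

# Remove the artifacts from the description, with paths correctly quoted.
# Needs root for /Library and /tmp; ~/Library belongs to the user.
olyx_remove() {
  root="${1:-}"
  home="${2:-$HOME}"
  rm -f "$root/Library/Application Support/google/startp" \
        "$home/Library/LaunchAgents/www.google.com.tstart.plist" \
        "$root/tmp/google.tmp"
}
```

Scan before and after removal; a clean second scan confirms the files are gone.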
