Backdoor:OSX/Olyx.A

Classification

Malware

Backdoor

OSX

MAC.OSX.Backdoor.Olyx.A

Summary

Backdoor:OSX/Olyx.A connects to a remote server to receive further instructions, without the user's knowledge or permission.

Removal

Automatic action

The F-Secure security product will automatically remove the file.

Manual removal

  1. Open Activity Monitor, select startp and click Quit Process.
  2. Open Terminal, then execute the following (the first path contains a space, so it must be quoted):
    • sudo rm -f "/Library/Application Support/google/startp"
    • sudo rm -f ~/Library/LaunchAgents/www.google.com.tstart.plist
    • sudo rm -f /tmp/google.tmp

Technical Details

On installation, the malware drops and executes the following:

  • /Library/Application Support/google/startp

This component connects to a hard-coded IP address (located in Korea) to get additional commands.

Additional

The following launchpoint is created for the dropped file:

  • ~/Library/LaunchAgents/www.google.com.tstart.plist

The trojan also replaces the following file with a copy of itself:

  • /tmp/google.tmp
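
The three paths listed in this description can be checked for, read-only, before any manual removal. The script below is an added example, not F-Secure's tooling; the `olyx_scan` function name and its root-prefix argument (for examining a mounted disk image instead of the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only check for the Backdoor:OSX/Olyx.A artifacts listed
# on this page. ROOT is an assumption of this example: "/" for the live
# system, or the mount point of a disk image under examination.

# Print every listed artifact that exists under ROOT, one per line.
# Returns 0 if at least one was found, 1 if none were.
olyx_scan() {
    root=${1%/}          # strip a trailing slash so "/" becomes ""
    found=1

    # System-wide paths from the page. Quoting matters: the first one
    # contains a space ("Application Support").
    for p in "/Library/Application Support/google/startp" "/tmp/google.tmp"; do
        # -e follows symlinks; -L also catches a dangling link
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
            found=0
        fi
    done

    # The launch agent lives under ~, so check every local account.
    for home in "$root"/Users/*; do
        agent="$home/Library/LaunchAgents/www.google.com.tstart.plist"
        if [ -e "$agent" ] || [ -L "$agent" ]; then
            printf '%s\n' "$agent"
            found=0
        fi
    done
    return "$found"
}

# Run only when a root is given on the command line, e.g.: sh olyx_scan.sh /
if [ -n "${1:-}" ]; then
    olyx_scan "$1" || echo "No Olyx.A artifacts found under $1"
fi
```

A hit on the launch agent for any account means the removal steps need to be repeated for that user's home directory, since `~` in the manual commands only covers the account running them.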
