Backdoor:OSX/Sabpab.A connects to a remote server to receive further instructions, without the knowledge or permission from the user.
The malware drops the following copy of itself:
It creates the following launchpoint for the file above:
The malware connects to a remote server to obtain additional commands. The server varies between samples. As of this writing, there are two known servers:
The backdoor is capable of performing the following actions: