Trojan:OSX/Zweite.A, Zweite.A, OSX/Zweite.A, Trojan:W32/Zweite.A


Trojan:OSX/Zweite.A masquerades as a Safari application and when executed, can perform a variety of unauthorized actions.


Manual removal

  • Open Applications, then drag the application to the Trash
  • Open Trash in Finder, then select the action "Empty Trash"
Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Trojan:OSX/Zweite.A masquerades as a Safari application.

There are two 'variations' of the trojan: one for Intel Macs and the other for PPC Macs. It also comes with a configurator component for both OS X (Intel) and Windows. The configurator components are detected as Trojan:OSX/Zweite.A and Trojan:W32/Zweite.A respectively.

The malware author claims this trojan is his second OSX malware (hence where the name Zweite, which is German for 'second').


Upon execution, the trojan will attempt to perform a number of actions, which are specified by a text file named 'config.txt'. These actions may be any the following:

  • Take a picture from Webcam using isightcapture
  • Shut down the system
  • Display a dialogue that asks for the admin password and stores it in a file
  • Execute a command or script

Date Created: -

Date Last Modified: -