Fresh modification of the OSX.Trojan.iServices trojan
Just three days ago, I wrote that a new Trojan for Mac had been discovered, and today a modified version has appeared online. This time the trojan is distributed in torrents with Photoshop CS4. The package itself is clean, but the serial number generator distributed with it comes with a "gift".
What the crack and the trojan do, and how:
To run, the crack asks for the root password, which is then used to give the trojan root privileges.
When you start the crack, the trojan is unpacked into /var/tmp/ with a random file name. On restart, a second, similar file is generated.
The trojan is copied to /usr/bin/DivX and creates a startup item in /System/Library/StartupItems/DivX.
The trojan checks for root rights and stores the root password hash in /var/root/.DivX.
The trojan listens on a random TCP port and responds to external requests with packets of 209 bytes each. It also periodically connects to two IP addresses.
The crack opens a disk image hidden in its resources directory and actually cracks Photoshop's protection.
The trojan was named OSX.Trojan.iServices.B and was discovered by the same company, Intego. According to their data, about 5,000 computers may be infected.
In any case, the best protection is not to give the root password to unknown applications or to programs not from official sources.
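The file locations listed above can be checked on a live Mac or on a mounted disk image or backup. The script below is an added example, not part of the original post and not Intego's tooling; the function name iservices_b_scan is hypothetical, and flagging executable files in /var/tmp for review is an assumption made because the dropped copy has a random name.

```shell
#!/bin/sh
# Added example: look for the OSX.Trojan.iServices.B artifacts named in the post.
# Usage: iservices_b_scan [ROOT]
#   ROOT defaults to / ; pass a mounted image or backup path to check offline.
# On a live system, /var/root is only readable with root privileges.
# Returns 0 when none of the fixed paths exist, 1 otherwise.

iservices_b_scan() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", so paths below join cleanly
    hits=0

    # Fixed paths taken from the post.
    for p in /usr/bin/DivX \
             /System/Library/StartupItems/DivX \
             /var/root/.DivX; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND  $p"
            hits=$((hits + 1))
        fi
    done

    # The copy unpacked into /var/tmp has a random name, so it cannot be
    # matched by name. Assumption: it is an executable regular file, so
    # list those for manual review instead of counting them as hits.
    if [ -d "$root/var/tmp" ]; then
        find "$root/var/tmp" -maxdepth 1 -type f -perm -100 2>/dev/null |
        while IFS= read -r f; do
            echo "REVIEW ${f#"$root"}"
        done
    fi

    echo "indicators: $hits"
    [ "$hits" -eq 0 ]
}
```

A REVIEW line is only a pointer for manual inspection; legitimate software also leaves executables in /var/tmp.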