New OSX/Imuler Variant Targeting Tibetan Activists

A new OSX/Imuler variant, detected as OSX/Imuler.E, has been targeting Tibetan activists. This varies little from the previous Imuler variant, OSX/Imuler.D. There have been a variety of droppers seen, the most recent of which purport to be group photos of Tibetan organizations.

[Image: Photo used as bait for social engineering with Imuler variant]

This backdoor Trojan family was first discovered in September 2011 as a Mac PDF Trojan horse and has been targeting activist organizations with emails containing what appear to be pictures. Like previous variants, once the Trojan is active, Imuler calls home to await further instructions. The Imuler Trojan has two main methods of stealing information:

- It searches the system for user data
- It can also take screenshots

This data is then uploaded to the controller’s server. Intego VirusBarrier users with up-to-date virus definitions are protected from this threat, which is detected as Trojan:OSX/Imuler.E.

New Flashback Trojan Horse Variant Uses Novel Delivery Method to Infect Macs

Intego first discovered the Flashback Trojan horse in September 2011, and since then has seen a number of variants of this malware. A variant discovered in October 2011 notably damaged some system files. In the past few months, Intego has found new variants of the Flashback Trojan horse every few days, but the company’s latest discovery is a bit surprising. The people behind the Flashback Trojan horse have begun using a novel delivery method to infect Macs. Taking advantage of two Java vulnerabilities, this latest variant is able to install itself on a Mac with much more limited user intervention. Found in the wild, this new variant installs an executable file in the /tmp directory, applies executable permissions with the chmod command, then launches the executable with the nohup command.

A few points need to be made regarding Java and Mac OS X. Also, the current version of Java for Mac OS X has patched the vulnerabilities that are being exploited.

New Imuler Variant Found–Steer Clear of “Your Dirty Pics”

Update – September 23, 2012: This Trojan is being targeted at Tibetan activists. It has been reported as being received in a threatening email with the following text:

Subject: “F*** you [recipient name]! I got your dirty naked photos.”
Body: “F*** you A******!

Intego has discovered a new version of the Imuler Trojan horse, which was first discovered in September 2011. Below is a screenshot of the contents of the ZIP, which were housed in a file called “Your Dirt” (we took the liberty of covering the naughty bits):

The malware quickly deletes itself, replacing the original application with a real JPEG image corresponding to the one that was an application.

The Trojan creates the following malicious files on an affected system:

- /tmp/.mdworker
- /tmp/updtdata
- /tmp/launch-IORF98
- ~/Library/LaunchAgents/ScheduledSync.plist
- ~/Library/LaunchAgents/ScheduledSync

Once active, Imuler calls home to www.ouchmen.com to await further instructions. Both are uploaded to the controller’s server.
