
“Doctor Web” warns of a dangerous backdoor for Mac

Dr.Web specialists have discovered a Trojan for the macOS operating system that can execute commands received from attackers. The backdoor was added to the company's virus database under the name Mac.BackDoor.Systemd.1.

When launched, the malware prints a message containing a typo to the console, “This file is corrupted and connot be opened”, and then restarts itself as a daemon named systemd. Mac.BackDoor.Systemd.1 also tries to hide its own file by setting the appropriate flags. The Trojan then registers itself for automatic startup, for which it creates a file with sh commands and a .plist file.
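A defender can check a Mac's launchd jobs for the persistence traits described above. The following is an added example, not code from Dr.Web or from the Trojan: the directory list, the dot-prefix test and the three review rules are assumptions, and the sample job is constructed.

```python
import os
import plistlib
import stat
from pathlib import Path

# Standard launchd autostart directories (assumed; the article names no paths).
LAUNCHD_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents", "~/Library/LaunchAgents")

def is_hidden(path):
    """True if the file has the BSD hidden flag or a dot-prefixed path component."""
    try:
        flags = getattr(os.stat(path), "st_flags", 0)  # st_flags exists on macOS/BSD
    except OSError:
        flags = 0  # target missing or unreadable: fall back to the name check
    dotted = any(p.startswith(".") and p not in (".", "..") for p in Path(path).parts)
    return bool(flags & stat.UF_HIDDEN) or dotted

def inspect_plist(data):
    """Parse one launchd plist (bytes) and return the reasons it deserves review."""
    try:
        job = dict(plistlib.loads(data))
    except Exception:  # malformed plist or non-dictionary root: nothing to evaluate
        return []
    argv = [a for a in [job.get("Program"), *(job.get("ProgramArguments") or [])] if isinstance(a, str)]
    reasons = []
    for arg in argv:
        if os.path.basename(arg) == "systemd":
            reasons.append("runs a binary named systemd, which macOS does not ship: " + arg)
        if arg.startswith("/") and is_hidden(arg):
            reasons.append("references a hidden file: " + arg)
    if argv and os.path.basename(argv[0]) in ("sh", "bash", "zsh"):
        reasons.append("job is launched through a shell: " + argv[0])
    return reasons

def scan(dirs=LAUNCHD_DIRS):
    """Map each flagged plist under the launchd directories to its findings."""
    report = {}
    for d in dirs:
        for plist in sorted(Path(d).expanduser().glob("*.plist")):
            hits = inspect_plist(plist.read_bytes()) if os.access(plist, os.R_OK) else []
            if hits:
                report[str(plist)] = hits
    return report

# Constructed sample job, not an artifact recovered from the real Trojan.
SAMPLE = plistlib.dumps({"Label": "com.example.constructed", "RunAtLoad": True,
                         "ProgramArguments": ["/bin/sh", "/Users/Shared/.example/systemd"]})

if __name__ == "__main__":
    print(inspect_plist(SAMPLE), scan())
```

The shell rule on its own matches many legitimate jobs, so treat it as supporting evidence next to the other two findings.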

Encrypted configuration information is stored in the Trojan's file. Depending on this configuration, Mac.BackDoor.Systemd.1 either connects to the management server or waits for incoming connection requests.

The backdoor then executes incoming commands and periodically sends the attackers the following information:

  • the name and version of the operating system;
  • username;
  • whether the user has administrator privileges (root);
  • the MAC addresses of all available network interfaces;
  • the IP addresses of all available network interfaces;
  • the external IP address;
  • processor type;
  • RAM;
  • data about the version of the malware and its configuration.

The Trojan has its own file manager, with which cybercriminals can perform various actions on files and folders on the computer.

The backdoor can perform the following commands:

  • list the contents of a specified directory;
  • read a file;
  • write to a file;
  • to the contents of the file;
  • delete a file or folder;
  • rename a file or folder;
  • change the permissions of a file or folder (chmod command);
  • change the owner of a file object (chown);
  • create a folder;
  • execute a command in the bash shell;
  • update the Trojan;
  • reinstall the Trojan;
  • change the IP address of the management server;
  • install a plugin.

The company noted that Mac.BackDoor.Systemd.1 is detected and removed by Dr.Web. Its specialists recommend installing the company's anti-virus for Mac.
