also known as OSX/ARDScript.A, OSX/Hovdy.A
- Trojan Horse
- Mac OS X
- Last updated: 02/09/16 9:14 pm
- Threat Level:
AppleScriptTHT is a Trojan horse. First spotted in the wild in 2008, the malware was discovered when it was offered for distribution on a hacker website, where forum members discussed possible delivery vectors, including the messaging app iChat and the file-sharing service LimeWire.
In order to become infected, a user must first download and launch AppleScriptTHT. Once installed, the Trojan exploits a vulnerability in the Apple Remote Desktop Agent in order to gain administrative privileges on the infected Mac. It then enables file sharing, web sharing, and remote login. The Trojan runs quietly on the system, allowing a malicious actor to access the computer remotely, capture passwords, log keystrokes, operate the camera, and take screenshots.
AppleScriptTHT evades detection by opening ports in the computer’s firewall and disabling system logging. Originally released as uncompiled source code, the malware was subsequently repackaged either as a compiled AppleScript named ASthtv05 or as an app bundle named AStht_v06.
AppleScriptTHT Threat Removal
MacScan can detect and remove the AppleScriptTHT Trojan Horse from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.