AppleScriptTHT

also known as OSX/ARDScript.A, OSX/Hovdy.A

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
02/09/16 9:14 pm

Threat Level:
High

Description

AppleScriptTHT is a trojan horse. First spotted in the wild in 2008, the malware was discovered when it was offered for distribution on a hacker website, with site forum members discussing possible delivery vectors which included the messaging app iChat and the filesharing service LimeWire.

In order to become infected, a user must first download and launch AppleScriptTHT. Once installed, the Trojan exploits a vulnerability in the Apple Remote Desktop Agent in order to gain administrative privileges on the infected …

BlackHoleRAT

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
04/02/16 7:14 am

Threat Level:
High

Description

BlackHoleRAT is a Trojan horse that allows remote access by malicious third parties to an infected computer. Early versions of the Trojan were relatively unsophisticated and seemed to be intended as proof of concept, but subsequent, better-developed variants were soon discovered — and these were being offered for distribution.

BlackHoleRat is able to carry out a range of malicious actions on an infected machine, including the following: It can request an administrator password and store it to a file, execute shell scripts, turn the …

Boonana

also known as OSX/Jnana, OSX/Koobface

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
02/09/16 9:14 pm

Threat Level:
High

Description

Boonana is a trojan horse that spread through social networking sites, including Facebook, disguised as a link to a video. When a user clicked the infected link, the trojan initially ran a Java applet which downloaded other components, modified system files to bypass the need for passwords, and allowed outside access to all files on the system. The trojan would run invisibly in the background at startup, and periodically check in with a command-and-control server to report information on …

CallMe

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
04/02/16 10:02 am

Threat Level:
High

Description

CallMe is a Trojan horse that targets Tibetan activist organizations. The Trojan infects its target through a malicious Microsoft Word (.doc) file, exploiting an older Word vulnerability cataloged as CVE-2009-0563.

Once active, CallMe is able to run commands on the infected system; however, it only takes a limited number of actions using these permissions. The Trojan attempts to connect to a command and control server; creates a copy of the user’s contact list for the malware authors to access remotely; and establishes a …

CoinThief

also known as OSX/StealBit

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
02/13/16 8:48 am

Threat Level:
High

Description

CoinThief is a Trojan horse that steals Bitcoins. Early versions of the malware were distributed through GitHub, a website which hosts publicly available software source code. Subsequent versions of CoinThief were also found on popular Mac app download sites.

CoinThief comes disguised either as a cryptocurrency “wallet” app — software for sending and receiving cryptocurrency — or as a cryptocurrency price ticker. The Trojanized wallet application is called StealthBit; the price ticker apps go by the names of “Bitcoin Ticker TTM …

CpuMeaner

also known as BitCoinMiner, CoinMiner

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
01/02/18 11:56 pm

Threat Level:
High

Description

CpuMeaner is a Trojan horse. It comes disguised as a pirated software application, meaning that a victim would have to attempt to illegally download a pirated app in order to be infected by CpuMeaner. Once installed, the Trojan writes to the LaunchAgent directory in order to achieve persistence on the system (the ability to survive reboots). The malware then runs a custom version of XMRig, an open source program designed to mine the cryptocurrency Monero, and sets up a …

CreativeUpdate

also known as BitCoinMiner, CoinMiner, Miner

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
02/02/18 9:51 pm

Threat Level:
High

Description

CreativeUpdate is a Trojan horse that mines cryptocurrency. It was discovered in 2018 on the popular Mac app distribution platform MacUpdate, masquerading as the macOS utilities Deeper and OnyX, as well as an illegitimate version of Firefox. It should be noted that the developers of Deeper, OnyX, and, of course, Firefox, have nothing to do with the malware: CreativeUpdate’s authors designed their Trojan to impersonate these apps, and then circumvented the security checks at MacUpdate in order to …

Crisis

also known as OSX/Morcut

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
02/09/16 9:14 pm

Threat Level:
High

Description

Crisis is a Trojan horse that creates a backdoor on infected systems. Also known as Morcut, Crisis was first discovered in 2012, with subsequent variants appearing in the years to follow.

Crisis comes in the form of an illegitimate Adobe Flash Player installer. If installed, Crisis takes steps to achieve persistence (the ability to survive reboots), and then performs several actions, the nature of which depends on whether or not the Trojan was launched with administrative permissions. On a system which …

DNSChanger

also known as OSX/Jahlav, OSX/RSPlug, Puper

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
04/23/16 8:34 pm

Threat Level:
High

Description

DNSChanger is a trojan horse that arrived disguised as a video codec and changed the internet settings on infected computers. Once installed, the trojan horse redirected webpages in an attempt to steal login information for online banking sites. The malicious DNS servers used by the DNSChanger trojan horse were taken over by the FBI after the malware authors were arrested, and the malware network was officially shut down in July 2012.

DNSChanger Threat Removal

MacScan can detect and remove DNSChanger …

Dok

also known as OSX.Bella, OSX.Dok.A

Type:
Trojan Horse

Platform:
Mac OS X

Last updated:
07/01/19 7:50 pm

Threat Level:
High

Description

Dok is a trojan horse that arrives in a phishing e-mail disguised as a document. Dok can monitor all web traffic to and from infected computers, as well as potentially modify the network traffic to redirect users to malicious third party websites. While the core components of this trojan horse can be detected and removed, it additionally installs and alters thousands of other files on infected systems, requiring a full reinstall of macOS.

Dok Threat Removal

MacScan can detect and remove …