Mac OS X backdoor trojan

OSX/AsTHT.A backdoor Trojan is designed to affect Apple operating systems such as MacOS, Leopard or Tiger. When run, the backdoor Trojan uses an Apple Remote Desktop Agent vulnerability to gain privilege escalation and administrator permissions. It then copies itself onto the system and sends a mail to its creator reporting the infection. It also associates the victim’s IP address to a Dynamic DNS service to continue having access to the infected computer even if the address is modified.

OSX/AsTHT.A accesses the computer through a VNC server (Vine Server) it includes, and through SSH. It also enables a web server where the remote control tool is hosted.

This malicious code drops a keylogger on the system which can capture images through the iSight integrated camera.

Additionally, if more than one user is registered on the PC, it tries to guess their credentials using a brute force program. It is also designed to disable the firewall and disable, delete and modify several system log files to prevent leaving trails and impede detection.




Share this