Infected torrents led to iWorm Mac OS X infection
October 2014 by Virus Bulletin
Virus Bulletin has published a tactical study of iWorm, a
recently discovered Mac OS X backdoor which gives attackers full
access to the victim’s machine.
Patrick Wardle, Director of Research at Synack, explains how an
infection starts with the user downloading a pirated version of
Adobe Photoshop or Microsoft Office from a torrent site.
He explains how iWorm maintains persistence relatively easily on
the infected device, thus making sure it runs even after a
reboot.
The paper, ‘Invading the core: iWorm’s infection vector and
persistence’, can be read online at
https://www.virusbtn.com/virusbulletin/archive/2014/10/vb201410-iWorm
in HTML format, or downloaded as a PDF from
https://www.virusbtn.com/pdf/magazine/2014/vb201410-iWorm.pdf
(both links can be shared freely)
Last month, at the VB2014 conference, Patrick presented a paper
on various methods used by malware to install persistently on
Mac OS X devices. He also launched the open-source ‘KnockKnock’
tool that can be used to determine which processes are installed
persistently.
His conference paper ‘Methods of malware persistence on Mac OS
X’ can be browsed online at:
https://www.virusbtn.com/virusbulletin/archive/2014/10/vb201410-malware-persistence-MacOSX
in HTML format, or downloaded as a PDF from
https://www.virusbtn.com/pdf/conference/vb2014/VB2014-Wardle.pdf
(these links can also be shared freely)