Imuler
Imuler is a backdoor that connects to a remote C&C server and enables an attacker to perform various commands on an infected system such as:
- download and execute additional files.
- collect system information and send it to the C&C.
- capture screenshots and send them to the attacker.

The first variant arrived inside a PDF file but, as far as is known, was not found in the wild. Another variant appears as a JPEG file, since by default macOS does not display file extensions. Once a user clicks on the file expecting to see a larger view of the picture, the malware, which is actually an application bundle, is executed.
Source: Intego
The malware persists on the system by adding a LaunchAgent in the ~/Library/LaunchAgents/ folder. One specific variant of Imuler targeted Tibetan users, as the malware application bundle contained images of Tibetan organizations.
Source: Intego
Source: CheckPoint
Links:
Samples:
151c8135e46e645d3daa3b2d4332117e0b386817
1348ed679b0a5e7ae0ccb1ce52813836f884f8f1