Imuler is a backdoor that connects to a remote C&C server and lets an attacker run various commands on an infected system, such as:

  • download and execute additional files.
  • collect system information and send it to the C&C.
  • capture screenshots and send them to the attacker.

The first variant arrived inside a PDF file but, as far as is known, was never found in the wild. Another variant poses as a JPEG image: macOS Finder hides file extensions by default, so the application bundle appears to be a picture. When the user double-clicks it expecting to see a larger view of the image, the bundle is executed instead.
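The lure described above relies on a directory (an application bundle) carrying an image-like name. A quick way to hunt for that on a suspect machine is to look for directories named like images that contain a Contents/MacOS executable folder, which is what LaunchServices runs on double-click. The script below is an added example, not the page's or Intego's tooling; the sample tree it builds (real_photo.jpg, group_photo.jpg, album.jpg.app, Holiday.app) is constructed for illustration, and matching both "name.jpg" and "name.jpg.app" covers the common case where only the ".app" suffix is hidden.

```shell
#!/bin/sh
# Added example (not from the original page): flag directories that carry an
# image-file extension but are really macOS application bundles. A genuine
# JPEG is a regular file; a bundle is a directory with Contents/MacOS inside.
# Sample names and paths below are constructed for illustration.

# find_disguised_bundles DIR -> prints each matching bundle path, one per line
find_disguised_bundles() {
    find "$1" -type d | while IFS= read -r d; do
        # compare the basename case-insensitively
        name=$(printf '%s' "${d##*/}" | tr 'A-Z' 'a-z')
        case "$name" in
            *.jpg|*.jpeg|*.png|*.gif|*.jpg.app|*.jpeg.app|*.png.app|*.gif.app)
                # Contents/MacOS/<executable> is what runs on double-click
                if [ -d "$d/Contents/MacOS" ]; then
                    printf '%s\n' "$d"
                fi
                ;;
        esac
    done
}

# build_sample_tree -> prints a temp dir holding one real image, two disguised
# bundles and one honestly named bundle (constructed test data)
build_sample_tree() {
    root=$(mktemp -d)
    printf 'not really a jpeg' > "$root/real_photo.jpg"
    mkdir -p "$root/group_photo.jpg/Contents/MacOS"
    printf '#!/bin/sh\necho payload\n' > "$root/group_photo.jpg/Contents/MacOS/group_photo"
    chmod +x "$root/group_photo.jpg/Contents/MacOS/group_photo"
    mkdir -p "$root/album.jpg.app/Contents/MacOS"
    mkdir -p "$root/Holiday.app/Contents/MacOS"   # normal bundle, must not be flagged
    printf '%s\n' "$root"
}

root=$(build_sample_tree)
find_disguised_bundles "$root"
```

Run it against a user's Desktop, Downloads or a mounted disk image; on a real system every hit deserves a look at Contents/Info.plist and the executable in Contents/MacOS.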

Source: Intego


The malware persists on the system by adding a LaunchAgent plist in the ~/Library/LaunchAgents/ folder. One variant of Imuler targeted Tibetan users: its application bundle contained images related to Tibetan organizations.
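Because a user LaunchAgent has to name the executable it launches, listing the Program or ProgramArguments path of every plist in ~/Library/LaunchAgents gives a fast first pass when checking for this kind of persistence. The script below is an added example, not code from the page or from Intego; the sample plists, the labels and the flagging rule (temp directories and hidden path components are marked SUSPECT, everything else REVIEW) are constructed heuristics for illustration, and the awk parsing assumes the usual one-key-per-line plist layout.

```shell
#!/bin/sh
# Added example (not the page's own tooling): triage LaunchAgent plists by the
# program they launch. The classification rule and sample plists are
# constructed for illustration; paths containing a hidden component or living
# under a temp directory are flagged, everything else is left for review.

# program_of PLIST -> first <string> under the Program or ProgramArguments key
program_of() {
    awk '/<key>(Program|ProgramArguments)<\/key>/ { want = 1; next }
         want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }' "$1"
}

# label_of PLIST -> value of the Label key (empty if absent)
label_of() {
    awk '/<key>Label<\/key>/ { want = 1; next }
         want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }' "$1"
}

# classify PATH -> SUSPECT for temp dirs or hidden path components, else REVIEW
classify() {
    case "$1" in
        /tmp/*|/private/tmp/*|/var/tmp/*|/private/var/*) echo SUSPECT ;;
        */.*)                                            echo SUSPECT ;;
        *)                                               echo REVIEW ;;
    esac
}

# audit_launch_agents DIR -> one "STATUS<TAB>label<TAB>program" line per plist
audit_launch_agents() {
    for f in "$1"/*.plist; do
        [ -f "$f" ] || continue
        prog=$(program_of "$f")
        printf '%s\t%s\t%s\n' "$(classify "$prog")" "$(label_of "$f")" "$prog"
    done
}

# write_plist FILE LABEL PROGRAM -> writes a minimal launchd agent plist
write_plist() {
    cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$2</string>
    <key>ProgramArguments</key>
    <array>
        <string>$3</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
}

# build_sample_agents -> temp dir with one ordinary and two suspect agents
# (constructed test data, not real Imuler artifacts)
build_sample_agents() {
    d=$(mktemp -d)
    write_plist "$d/com.example.updater.plist" com.example.updater /Applications/Example.app/Contents/MacOS/updater
    write_plist "$d/com.apple.lookalike.plist" com.apple.lookalike /tmp/.hidden/agent
    write_plist "$d/helper.plist" helper /Users/alice/Library/.cache/helper
    printf '%s\n' "$d"
}

audit_launch_agents "$(build_sample_agents)"
```

On a live Mac, point audit_launch_agents at ~/Library/LaunchAgents (and /Library/LaunchAgents for system-wide entries) and check the binary behind every line, not only the SUSPECT ones; a legitimate-looking path under /Applications is still worth verifying with codesign.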

Source: Intego


Source: CheckPoint


Source: CheckPoint


Links:


Samples:
151c8135e46e645d3daa3b2d4332117e0b386817
1348ed679b0a5e7ae0ccb1ce52813836f884f8f1