OSX/FkCodec-A

Category: Viruses and Spyware Protection available since:23 Apr 2012 03:30:26 (GMT)
Type: Trojan Last Updated:11 Jun 2013 05:53:50 (GMT)
Prevalence: Major Outbreak Publisher Name:Codec-M
Publisher URL:http://codecm.com/privacy.php

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

OSX/FkCodec-A is a fake installer that claims to be installing a video codec.

Instead, OSX/FkCodec-A installs a safari extension that serves ads and monitors browser activity and an updater daemon that checks for updated versions of the "codec" and downloads and runs the installer if the version on the server is newer than the version installed.  If there is no version installed (the safari extension has been forcibly removed) it will run the updater.

Examples of OSX/FkCodec-A include:

Example 1

File Information

Size
18K
SHA-1
5d577fbd1e9bbf78b476964c6fd2c9cc36208e34
MD5
74812c7b6e0a55347284abfa7d5670bf
CRC-32
c27e8c26
File type
Unspecified binary - probably data
First seen
2012-11-17

Example 2

File Information

Size
613K
SHA-1
65747102e61326855a6a1ae6e527ecc760cd5237
MD5
b4ece10d1e706b87b065523a654d48a7
CRC-32
c1f2891d
File type
Unspecified binary - probably data
First seen
2012-04-20

Example 3

File Information

Size
312K
SHA-1
7352e9e9a93c6a08753ef843f9be0b02ef919ec5
MD5
33420c0923f5a959ce3346dd0974404a
CRC-32
e0fae65c
File type
Unspecified binary - probably data
First seen
2012-04-20

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information