OSX/Morcut-A

Category: Viruses and Spyware
Protection available since: 25 Jul 2012 01:05:49 (GMT)
Type: Trojan
Last Updated: 02 Apr 2013 09:46:51 (GMT)
Prevalence: Small Number of Reports


OSX/Morcut-A is a backdoor and rootkit combination installed by a cross-platform Java application (detected as Mal/Swizzor-D), which may pretend to be an Adobe updater when downloaded and runs as "Web Enhancer". This Java application will also install Mal/Swizzor-D if run on a Windows OS.

OSX/Morcut-A opens a back door and connects to a remote server for instructions and updates. If authenticated during installation, it will install the rootkit components to give itself elevated system privileges.

OSX/Morcut-A is persistent across reboots.

OSX/Morcut-A has hooks to control or monitor the following operations: mouse coordinates, instant messengers (including Skype calls, Adium and MSN Messenger), location, internal camera, clipboard contents, key presses, running applications, web URIs, screenshots, internal microphone, calendar data and alerts, device information and address book contents.

Examples of OSX/Morcut-A include:

Example 1

File Information

Size: 455K
SHA-1: 27804176c5924046f4e31bb43038f7fb4c6d6119
MD5: b4037014f6ad41f7502715471b988d2a
CRC-32: 50668852
File type: Unspecified binary - probably data
First seen: 2007-07-27

Example 2

File Information

Size: 455K
SHA-1: 29080b4abf1ff44a174ffc44b6e944e5661bc6ee
MD5: acec5f00057d3ec94849511f3eddcb91
CRC-32: b8ab5a73
File type: Unspecified binary - probably data
First seen: 2012-07-24

Example 3

File Information

Size: 971K
SHA-1: 3cd5020f70e5f4d388fc8df07469c34b7e69e9e9
MD5: 50ee651a9e544d6777902dfffcc8cf44
CRC-32: 64e935c2
File type: Unspecified binary - probably data
First seen: 2013-03-25

Further information

There is more information about OSX/Morcut-A in the blog article "Mac malware Crisis on Mountain Lion eve?".
