OSX/Morcut-A

Category: Viruses and Spyware
Protection available since: 25 Jul 2012 01:05:49 (GMT)
Type: Trojan
Last Updated: 15 Apr 2015 08:13:10 (GMT)
Prevalence: Small Number of Reports


OSX/Morcut-A is a backdoor and rootkit combination installed by a cross-platform Java application (detected as Mal/Swizzor-D), which may pretend to be an Adobe updater when downloaded and runs as "Web Enhancer". This Java application will also install Mal/Swizzor-D if run on a Windows OS.

OSX/Morcut-A opens up a back door and connects to a remote server for instructions and updates. If authenticated during installation, it will install the rootkit components to give itself elevated system privileges.

OSX/Morcut-A is persistent across reboots.

OSX/Morcut-A has hooks to control or monitor the following operations: mouse coordinates, instant messengers (including Skype calls, Adium, MSN Messenger), location, internal camera, clipboard contents, key presses, running applications, web URIs, screenshots, internal microphone, calendar data and alerts, device information and address book contents.

Examples of OSX/Morcut-A include:

Example 1

File Information

Size: 1.1M
SHA-1: 042574c39dfcd4b202235d6e3c8a6dc9b433c8d5
MD5: 878a9e8775ac5c926899b5e9ab38f5c9
CRC-32: 1572a547
File type: JAR archive file
First seen: 2013-08-11

Example 2

File Information

Size: 455K
SHA-1: 27804176c5924046f4e31bb43038f7fb4c6d6119
MD5: b4037014f6ad41f7502715471b988d2a
CRC-32: 50668852
File type: Apple Mac executable
First seen: 2007-07-27

Example 3

File Information

Size: 455K
SHA-1: 29080b4abf1ff44a174ffc44b6e944e5661bc6ee
MD5: acec5f00057d3ec94849511f3eddcb91
CRC-32: b8ab5a73
File type: Apple Mac executable
First seen: 2012-07-24

Further information

There is more information about OSX/Morcut-A in the blog article "Mac malware Crisis on Mountain Lion eve?".
