OSX/NetWrdRC-A is a remote access and data stealing tool.
When run, OSX/NetWrdRC-A enables remote access to the system. OSX/NetWrdRC-A can monitor running processes, send shell commands, take screenshots, download and run files and identify frontmost window titles.
OSX/NetWrdRC-A provides functionality to harvest stored and encrypted usernames and passwords from Opera, Firefox, SeaMonkey and Thunderbird browsers and mail clients.
When run, OSX/NetWrdRC-A installs an application bundle at ~/WIFIADAPT.app.app and launches it. This process then creates and opens an empty file at /tmp/.lbOOjfsO.
OSX/NetWrdRC-A also creates a login item for the current user, but the entry opens ~/ (the user's home directory) instead of ~/WIFIADAPT.app.app.
Finally, OSX/NetWrdRC-A attempts to connect to a dedicated server in the Netherlands on port 4141 and listen for instructions from the remote server.
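A host check for the artefacts described above, added here as an example and not taken from the original write-up. The function names, finding labels and sample lsof lines are constructed, and the caller is assumed to supply the user's login-item paths and the output of `lsof -i -n -P`.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the description above.
BUNDLE_NAME = "WIFIADAPT.app.app"  # installed at ~/WIFIADAPT.app.app
MARKER_NAME = ".lbOOjfsO"          # empty file created in /tmp
C2_PORT = 4141                     # remote port the sample connects to
# Remote end of a connection line in `lsof -i -n -P` output.
REMOTE_PORT = re.compile(r"->(\S+):%d(?=\s|$)" % C2_PORT)

def _resolve(item, home):
    """Expand a leading ~ against the inspected home, not the caller's own."""
    if item == "~" or item.startswith("~/"):
        return (home / item[2:]).resolve()
    return Path(item).resolve()

def check_host(home, tmp_dir, login_items, lsof_lines):
    """Return (indicator, detail) pairs for every artefact found."""
    home = Path(home).resolve()
    bundle, marker = home / BUNDLE_NAME, Path(tmp_dir) / MARKER_NAME
    findings = []
    if bundle.exists():
        findings.append(("bundle", str(bundle)))
    if marker.is_file():
        findings.append(("marker", f"{marker} ({marker.stat().st_size} bytes)"))
    for item in login_items:
        target = _resolve(item, home)
        if target == home:  # the misdirected entry: opens ~/ itself
            findings.append(("login-item-home", item))
        elif target == bundle:
            findings.append(("login-item-bundle", item))
    for line in lsof_lines:
        match = REMOTE_PORT.search(line)
        if match:
            findings.append(("remote-port-4141", match.group(1)))
    return findings

def demo():
    """Run the checks on a constructed home directory and constructed lsof lines."""
    with tempfile.TemporaryDirectory() as root:
        home, tmp = Path(root, "Users", "alice"), Path(root, "tmp")
        (home / BUNDLE_NAME).mkdir(parents=True)
        tmp.mkdir()
        (tmp / MARKER_NAME).touch()
        lsof = ["WIFIADAPT 512 alice 5u IPv4 0x0 0t0 TCP 192.0.2.10:49211->203.0.113.7:4141 (ESTABLISHED)",
                "Safari 300 alice 9u IPv4 0x0 0t0 TCP 192.0.2.10:49300->198.51.100.4:443 (ESTABLISHED)"]
        return check_host(home, tmp, ["~/", "/Applications/Mail.app"], lsof)
```

A login item that resolves to the home directory itself is reported separately because the misdirected entry persists even if the bundle has been removed.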
Examples of OSX/NetWrdRC-A include:
Example 1
File Information
- Size: 65K
- SHA-1: 0aa2d6050a4dbec99701b5d2843316bae4dddee9
- MD5: 1939180dfac3118dfe163294518696b2
- CRC-32: dc54eaff
- File type: Apple Mac executable
- First seen: 2007-08-26
Example 2
File Information
- Size: 65K
- SHA-1: 103c14addf91e148a31ac0c82c1698b68f52c3bf
- MD5: 317081d7fdd171e5d2aa644ada1914f4
- CRC-32: 3c344583
- File type: Apple Mac executable
- First seen: 2013-04-10
Example 3
File Information
- Size: 58K
- SHA-1: 191a91213a2b09708405f0127691ccc58849d491
- MD5: fc8f28d00e8c0cc4ce33318b12c08f86
- CRC-32: fdfe57da
- File type: Apple Mac executable
- First seen: 2013-07-14