OSX/NetWrdRC-A

Category: Viruses and Spyware
Protection available since: 23 Aug 2012 22:59:13 (GMT)
Type: Trojan
Last Updated: 18 Mar 2014 01:43:36 (GMT)
Prevalence: Small Number of Reports

OSX/NetWrdRC-A is a remote access and data stealing tool.

When run, OSX/NetWrdRC-A enables remote access to the system.  OSX/NetWrdRC-A can monitor running processes, send shell commands, take screenshots, download and run files and identify frontmost window titles.

OSX/NetWrdRC-A provides functionality to harvest stored and encrypted usernames and passwords from Opera, Firefox, SeaMonkey and Thunderbird browsers and mail clients.

When run, OSX/NetWrdRC-A installs an application bundle at ~/WIFIADAPT.app.app and launches it. This process then creates and opens an empty file at /tmp/.lbOOjfsO.

OSX/NetWrdRC-A also creates a login item for the current user, but the entry opens ~/ (the user's home directory) instead of ~/WIFIADAPT.app.app.

Finally, OSX/NetWrdRC-A attempts to connect to a dedicated server in the Netherlands on port 4141 and listen for instructions from the remote server.
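
The host artifacts described above can be checked with a short script. This is an added example, not Sophos tooling: the function name netwrdrc_scan and its arguments are hypothetical, the paths and port are the ones given in this description, and the optional third argument is assumed to be saved output of `lsof -nP -iTCP`.

```shell
#!/bin/sh
# Added example: host check for the OSX/NetWrdRC-A artifacts in this write-up.
# The function name and arguments are hypothetical; paths and port are from the text.

# netwrdrc_scan HOME_DIR TMP_DIR [LSOF_FILE]
#   LSOF_FILE: saved output of `lsof -nP -iTCP` (optional).
# Prints one line per finding; returns 0 when clean, 1 when anything matched.
netwrdrc_scan() {
    home_dir=$1
    tmp_dir=$2
    lsof_file=${3:-}
    hits=0

    # Application bundle dropped in the home directory (note the doubled ".app").
    if [ -e "$home_dir/WIFIADAPT.app.app" ]; then
        echo "bundle: $home_dir/WIFIADAPT.app.app"
        hits=$((hits + 1))
    fi

    # Marker file: the description says it is created empty, so report its state.
    marker="$tmp_dir/.lbOOjfsO"
    if [ -e "$marker" ]; then
        if [ -s "$marker" ]; then state="non-empty"; else state="empty"; fi
        echo "marker: $marker ($state)"
        hits=$((hits + 1))
    fi

    # TCP sessions whose remote side is port 4141; a local port 4141 is ignored.
    if [ -n "$lsof_file" ] && [ -r "$lsof_file" ]; then
        conns=$(grep -E -e '->[^ ]+:4141( |$)' "$lsof_file" || true)
        if [ -n "$conns" ]; then
            # lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
            echo "$conns" | while read -r cmd pid skip skip skip skip skip skip name rest; do
                echo "port4141: $cmd pid=$pid $name"
            done
            hits=$((hits + 1))
        fi
    fi

    [ "$hits" -eq 0 ]
}
```

On a live system it would be called as `netwrdrc_scan "$HOME" /tmp saved_lsof.txt`. A port 4141 match on its own is weak evidence and is best read together with the two file findings.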

Examples of OSX/NetWrdRC-A include:

Example 1

File Information

Size: 65K
SHA-1: 0aa2d6050a4dbec99701b5d2843316bae4dddee9
MD5: 1939180dfac3118dfe163294518696b2
CRC-32: dc54eaff
File type: Apple Mac executable
First seen: 2007-08-26

Example 2

File Information

Size: 65K
SHA-1: 103c14addf91e148a31ac0c82c1698b68f52c3bf
MD5: 317081d7fdd171e5d2aa644ada1914f4
CRC-32: 3c344583
File type: Apple Mac executable
First seen: 2013-04-10

Example 3

File Information

Size: 58K
SHA-1: 191a91213a2b09708405f0127691ccc58849d491
MD5: fc8f28d00e8c0cc4ce33318b12c08f86
CRC-32: fdfe57da
File type: Apple Mac executable
First seen: 2013-07-14