OSX/Revir-B

Category: Viruses and Spyware
Protection available since: 23 Sep 2011 09:36:57 (GMT)
Type: Trojan
Last Updated: 18 Dec 2012 13:59:47 (GMT)
Prevalence: Small Number of Reports


OSX/Revir-B displays a Chinese-language PDF file about the Diaoyu or Senkaku Islands dispute. Meanwhile it drops a file to /tmp/host (also detected as OSX/Revir-B).

/tmp/host downloads OSX/Imuler-A from http:// tarmu . narod . ru/cdmax and saves it as /tmp/updtdata.

/tmp/updtdata is a backdoor. It appears to fetch its instructions and configuration from teklimakan . org. It can upload files to a remote server, download and run files, and delete files on the local machine.
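The description above gives two host-based indicators a responder can act on: the dropped paths /tmp/host and /tmp/updtdata, and the sample hashes listed under the examples below. The following script is an added illustration, not Sophos code or part of this page; it hashes whatever sits at those paths and compares the digests against the page's SHA-1 and MD5 values, reporting a known sample, an unknown file at an indicator path, or nothing present. The path list and hash sets are taken from this page; the function names are the example's own.

```python
import hashlib
import os

# Sample hashes (SHA-1 / MD5) listed on this page for OSX/Revir-B.
REVIR_B_SHA1 = {
    "0d78d8a124bda647ed34ba530ca9056e5658e11d",
    "5ec0e2ca7307fe2187e897d1b025321cc582ddd0",
    "60b0ef03b65d08e4ea753c63a93d26467e9b953e",
}
REVIR_B_MD5 = {
    "aa2b4f2894577b20785718e6920df8c2",
    "a51e119507d279396e259f8b4ce9de8a",
    "fe4aefe0a416192a1a6916f8fc1ce484",
}
# Paths the dropper and downloader write to, per the description above.
REVIR_B_DROPPED_PATHS = ("/tmp/host", "/tmp/updtdata")


def file_hashes(path, chunk_size=1 << 16):
    """Return (sha1_hex, md5_hex) for a file, streaming it in chunks."""
    sha1 = hashlib.sha1()
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            md5.update(chunk)
    return sha1.hexdigest(), md5.hexdigest()


def hashes_match_revir_b(sha1_hex, md5_hex, sha1_set=REVIR_B_SHA1, md5_set=REVIR_B_MD5):
    """True if either digest equals a known OSX/Revir-B sample hash."""
    return sha1_hex.lower() in sha1_set or md5_hex.lower() in md5_set


def check_path(path, sha1_set=REVIR_B_SHA1, md5_set=REVIR_B_MD5):
    """Classify one indicator path.

    'absent'  - no regular file there
    'match'   - file hashes to a known sample
    'present' - a file exists but its hash is not on the list (still worth a look:
                nothing legitimate is expected at these paths)
    """
    if not os.path.isfile(path):
        return "absent"
    sha1_hex, md5_hex = file_hashes(path)
    if hashes_match_revir_b(sha1_hex, md5_hex, sha1_set, md5_set):
        return "match"
    return "present"


def scan(paths=REVIR_B_DROPPED_PATHS, sha1_set=REVIR_B_SHA1, md5_set=REVIR_B_MD5):
    """Return {path: status} for every indicator path."""
    return {p: check_path(p, sha1_set, md5_set) for p in paths}


if __name__ == "__main__":
    for path, status in scan().items():
        print(f"{status:8} {path}")
```

Hash matching only catches the three samples listed here; a file at /tmp/host or /tmp/updtdata that hashes to something else is reported as "present" so that a repacked variant is not silently passed over.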


Examples of OSX/Revir-B include:

Example 1

File Information

Size: 214K
SHA-1: 0d78d8a124bda647ed34ba530ca9056e5658e11d
MD5: aa2b4f2894577b20785718e6920df8c2
CRC-32: 21bd25ab
File type: Unspecified binary - probably data
First seen: 2011-07-20

Other vendor detection

Kaspersky: Trojan-Dropper.OSX.Revir.a

Example 2

File Information

Size: 171K
SHA-1: 5ec0e2ca7307fe2187e897d1b025321cc582ddd0
MD5: a51e119507d279396e259f8b4ce9de8a
CRC-32: b4e97b0e
File type: Unspecified binary - probably data
First seen: 2011-09-26

Other vendor detection

Kaspersky: Trojan-Downloader.OSX.Revir.a

Example 3

File Information

Size: 185K
SHA-1: 60b0ef03b65d08e4ea753c63a93d26467e9b953e
MD5: fe4aefe0a416192a1a6916f8fc1ce484
CRC-32: 8a13aabf
File type: Unspecified binary - probably data
First seen: 2011-07-20

Other vendor detection

Kaspersky: Trojan-Dropper.OSX.Revir.a

Further information

There is more information about OSX/Revir-B in the blog article "Mac OS X Trojan hides behind malicious PDF disguise".