
NUKESPED is a backdoor Trojan that targets Mac users in Korea. The group of cyber criminals who designed and spread this malware is called Lazarus. They distributed this malicious software through an Excel document using a Mac App bundle, which contains legitimate and malicious versions of Adobe Flash Player files. Cyber criminals employ NUKESPED as a tool to remotely access and control infected computers. The Mac App bundle runs NUKESPED, which is disguised as a legitimate version of Flash Player (the genuine version is hidden). The malicious version uses the legitimate one to play a SWF (Adobe Flash file format) video. While the video is playing, NUKESPED creates a hidden file at "~/.FlashUpdateCheck" and installs a persistence mechanism for it through a PLIST file in "~/Library/LaunchAgents/". The hidden file is used by cyber criminals to establish communication through Command and Control (C&C) servers and perform various actions.

This Trojan can be used to terminate processes, receive information about the system, check and update the configuration of a 'backdoor', execute shell commands, and download, upload, and execute files. It is very likely that cyber criminals behind NUKESPED use it to infect systems with additional malware, for example, banking malware, other Trojan types, and so on. Installed malware might be used to encrypt data, take screenshots/record the screen, steal credentials and other confidential information, obtain personal account details, record data saved on the clipboard, and so on.
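The persistence described above (a per-user LaunchAgents PLIST that starts a hidden file in the home directory) can be checked for with a short audit script. This is an added example, not code from the original page: the function names, the reason labels and the `com.example.*` sample agents are constructed for illustration, and the page does not give the name of the real PLIST file.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

HIDDEN_PAYLOAD = ".FlashUpdateCheck"  # hidden file named on the page

def agent_target(plist_path):
    """Return the executable a LaunchAgent starts, or None if it cannot be read."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # handles XML and binary plists
    except (OSError, ValueError, ExpatError):
        return None
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments")
    first = args[0] if isinstance(args, list) and args else None
    target = job.get("Program") or first
    return target if isinstance(target, str) else None

def audit_launch_agents(home):
    """Flag per-user LaunchAgents that start something under a dot-name in home."""
    home = Path(home)
    findings = []
    for plist in sorted((home / "Library" / "LaunchAgents").glob("*.plist")):
        target = agent_target(plist)
        if target is None:
            findings.append((plist.name, None, "no-readable-program"))
            continue
        path = home / target[2:] if target.startswith("~/") else Path(target)
        if home not in path.parents:
            continue  # target lives outside the home directory
        parts = path.relative_to(home).parts
        if parts[0] == HIDDEN_PAYLOAD:
            findings.append((plist.name, target, "page-indicator"))
        elif any(p.startswith(".") for p in parts):
            findings.append((plist.name, target, "hidden-path"))
    return findings

def constructed_home():
    """Build a throwaway home directory with three constructed LaunchAgents."""
    home = Path(tempfile.mkdtemp())
    (home / "Library" / "LaunchAgents").mkdir(parents=True)
    samples = {"a": "/Applications/Example.app/Contents/MacOS/Example",
               "b": str(home / HIDDEN_PAYLOAD), "c": "~/.cache/helper"}
    for tag, program in samples.items():
        job = {"Label": f"com.example.{tag}", "ProgramArguments": [program], "RunAtLoad": True}
        (home / "Library" / "LaunchAgents" / f"com.example.{tag}.plist").write_bytes(plistlib.dumps(job))
    return home
```

On a real system, pass the user's home directory to `audit_launch_agents`; a "hidden-path" finding is a lead to review, since some legitimate tools also run from dot-directories.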
