2008 June 24 « iThreats

PokerStealer Another OSX Trojan

June 24, 2008 Methusela Cebrian Ferrer Leave a comment

A day after SecureMac discovered AppleScript.THT, Intego released its security advisory discovering another trojan named OSX.Trojan.PokerStealer.

Let’s take a closer look …

When clicking or executing PokerGame.app, it displays this message box.

However, it displays this error message box when the root password supplied is wrong.

In background, it connects to a remote server where it reports the infected users’ IP address.

Furthermore, it collects users’ information such as username, password hashes and IP address and logs it to a “secret_file” where this trojan tries retrieve these gathered information and sends it through email.

It also enable SSH for possible remote connection later.

Categories: Emerging Threats, Malwares Tags: corrupt preference, ipid.shat.net/iponly, malicious script, OSX.Trojan.PokerStealer, OSX/Hovdy-A, PokerGame trojan, PokerStealer, psidude.com, secret_file, Twin Trojans

	Scott on How to Remove Starfield
	Ratan on Summary of ASF File Speci…
	loewenherz.cc … on Summary of ASF File Speci…
	N. Cheatham on Analysis of OSX Starfield
	Rudolf Jockers on Just a note…

M	T	W	T	F	S	S
« May				Jul »
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

iThreats

Archive

PokerStealer Another OSX Trojan

Threat Researcher

Blog Stats

Twitter Updates

Pictures of the Day

AV Blogroll

Home

Latest Advisories

Top Posts

Recent Comments

Recent Posts

Meta

Archives

Reference

Follow “iThreats”