PokerStealer Another OSX Trojan

Home > Emerging Threats, Malwares > PokerStealer Another OSX Trojan

PokerStealer Another OSX Trojan

June 24, 2008 Methusela Cebrian Ferrer Leave a comment Go to comments

A day after SecureMac discovered AppleScript.THT, Intego released its security advisory discovering another trojan named OSX.Trojan.PokerStealer.

Let’s take a closer look …

When clicking or executing PokerGame.app, it displays this message box.

However, it displays this error message box when the root password supplied is wrong.

In background, it connects to a remote server where it reports the infected users’ IP address.

Furthermore, it collects users’ information such as username, password hashes and IP address and logs it to a “secret_file” where this trojan tries retrieve these gathered information and sends it through email.

It also enable SSH for possible remote connection later.

Categories: Emerging Threats, Malwares Tags: corrupt preference, ipid.shat.net/iponly, malicious script, OSX.Trojan.PokerStealer, OSX/Hovdy-A, PokerGame trojan, PokerStealer, psidude.com, secret_file, Twin Trojans

Comments (0) Trackbacks (0) Leave a comment Trackback

No comments yet.

No trackbacks yet.

Today is my last day at PC Tools Zero Day: OS X ARD Agent Root Escalation Vulnerability

	Bharani on About
	Adrien Pujol on About
	PremierOpinion Revis… on “PremierOpinion” S…
	Dennis D. Hubilla on About
	TheDude on “PremierOpinion” S…

M	T	W	T	F	S	S
« May				Jul »
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

iThreats

PokerStealer Another OSX Trojan

Threat Researcher

Blog Stats

Twitter Updates

Pictures of the Day

AV Blogroll

Latest Advisories

Top Posts

Recent Comments

Recent Posts

Meta

Spam Blocked

Archives

Reference

Email Subscription