OSX/Jahlav evading scanners detection

A new OSX/Jahlav variant shows a little trick to evade detection by AV (security scanners).

[Image: preinstall3]

The same trick for the next script …

[Image: preinstall_drop3]

So it stops here, since the last decoded script remains the same except for the IP address value.

Unfortunately, this change affects the container as well, which is the DMG file. Overall, we are not seeing a significant change here, although it is obvious the author wants to maximize infection.
