Home > Malwares > OSX/Jahlav evading scanners detection

OSX/Jahlav evading scanners detection

December 10, 2008 Leave a comment Go to comments

OSX/Jahlav new variant shows a little trick to evade AV (security scanners ) detection.

preinstall3The same trick for the next script …

preinstall_drop3So it stops here since the last decoded script remains the same except on the IP address value.

Unfortunately, this changes affects the container as well which is the DMG file. Overall,  we are not seeing significant change here although it is obvious the author wants to maximize infection.

Categories: Malwares Tags: , , , , , ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.