PokerStealer: Another OSX Trojan
Let’s take a closer look …
However, it displays this error message box when the root password supplied is wrong.
In the background, it connects to a remote server, where it reports the infected users’ IP address.
Furthermore, it collects users’ information such as username, password hashes and IP address and logs it to a “secret_file”, from which the trojan tries to retrieve the gathered information and send it by email.
It also enables SSH for possible remote connection later.