PokerStealer Another OSX Trojan

A day after SecureMac discovered AppleScript.THT, Intego released a security advisory describing another trojan, named OSX.Trojan.PokerStealer.

Let’s take a closer look …

When PokerGame.app is clicked or executed, it displays this message box.

However, it displays this error message box when the root password supplied is wrong.

In the background, it connects to a remote server, to which it reports the infected user’s IP address.

Furthermore, it collects user information such as the username, password hashes and IP address and logs it to a “secret_file”, which the trojan then tries to retrieve and send by email.

It also enables SSH for possible remote connection later.
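
A triage sketch for the behaviours described above, added here as an example and not taken from the original post or from Intego's advisory. The function names are hypothetical, the search root is left to the reader because the post does not say where "secret_file" is written, and the Remote Login check relies on the macOS `systemsetup -getremotelogin` command, which must be run as root.

```shell
#!/bin/sh
# Added triage example; function names are hypothetical, not from the post.

# Map `systemsetup -getremotelogin` output ("Remote Login: On|Off") to a state.
remote_login_state() {
    case "$1" in
        *"Remote Login: On"*)  echo on ;;
        *"Remote Login: Off"*) echo off ;;
        *)                     echo unknown ;;   # empty, or tool refused (not root)
    esac
}

# List files or bundles under $1 that carry the names given in the post.
find_artifacts() {
    find "$1" \( -name 'PokerGame.app' -o -name 'secret_file' \) -print 2>/dev/null | sort
}

# triage ROOT [SYSTEMSETUP_OUTPUT]; the second argument exists so the check
# can be exercised with captured output instead of the live system.
triage() {
    root="$1"
    ssh_text="${2-$(systemsetup -getremotelogin 2>/dev/null || true)}"
    state=$(remote_login_state "$ssh_text")
    if [ "$state" = on ]; then
        echo "FINDING: Remote Login (SSH) is enabled; confirm this was intended"
    elif [ "$state" = unknown ]; then
        echo "NOTE: could not read Remote Login state (run as root on macOS)"
    fi
    find_artifacts "$root" | while IFS= read -r path; do
        echo "FINDING: name from the post present: $path"
    done
    return 0
}

# Runs only when a search root is supplied, e.g. TRIAGE_ROOT=/Users sh triage.sh
if [ -n "${TRIAGE_ROOT:-}" ]; then
    triage "$TRIAGE_ROOT"
fi
```

A name match is only a lead for manual review, since unrelated files can share these names.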
