Home > Malwares > MacCinema slight modification

MacCinema slight modification

A slightly modified variant of MacCinema was spotted in “MacPlay.dmg”.  Once you execute it, it will still display MacCinema installer. However, few modification was found in preinstall & preupgrade scripts as shown in Figure 01.

helloworldObviously, attackers are trying to maximize these threats.  The obfuscated data will extract another script, which we already seen it from previous variant.


This Trojan has been in-the-wild for months now and as it continuously proliferates in the internet, new Macintosh users are often found falling into its tricks.

Stay away from this threat!

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: