Skip to content

Export page to PDF
OSX_MUSMINIM.A

Overview


This backdoor is noteworthy because this is the new and currently under development remote administration tool (RAT) for MAC OS X platforms.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

This OSX malware has a Windows counterpart, which Trend Micro detected as BKDR_MUSMINIM.A.

This is a remote administration tool (RAT) that has specific capabilities.

This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

Technical Details


File size: Varies
File type: Other
Memory resident: Yes
Initial samples received date: 26 Feb 2011
Payload: Compromises system security, Displays a fake graphical user interface (GUI)

Arrival Details

This backdoor may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

NOTES:
Based on analysis of the codes, it has the following capabilities:

  • Execute remote shell commands
  • Show a URL using the default browser of the affected system
  • Force the user to input login credentials
  • Shutdown the remote computer
  • Restart the remote computer
  • Put the system into sleep mode
  • Send a message
  • Create a text file on the desktop
  • Display a window with a message from the attacker that can only be removed by rebooting
  • Display the following graphical user interface (GUI):

















Solution


Minimum scan engine: 8.900
First VSAPI Pattern File: 7.864.05
First VSAPI Pattern Release Date: 28 Feb 2011
VSAPI OPR Pattern Version: 7.865.00
VSAPI OPR Pattern Release Date: 28 Feb 2011

Scan your computer with your Trend Micro product to delete files detected as OSX_MUSMINIM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.
Analysis By: Karl Dominguez

Connect with us on