OSX/Kitm [Threat Name] go to Threat

OSX/Kitm.A [Threat Variant Name]

Category trojan
Size 471232 B
Detection created May 18, 2013
Signature database version 8348
Aliases Backdoor:MacOS_X/Kitmos.A (Microsoft)
  OSX/Kitmos.trojan (McAfee)
  OSX.kitmos (Symantec)
Short description

OSX/Kitm.A is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • /Users/%username%/%bundlename%.app

The trojan executes the following files:

  • /bin/sh -c open -a /Users/%username%/%bundlename%.app

The trojan modifies the following file:

  • /Users/%username%/Library/Preferences/com.apple.loginitems.plist

This causes the trojan to be executed on every system start.

Information stealing

OSX/Kitm.A is a trojan that steals sensitive information.


The trojan collects the following information:

  • screenshots

The trojan attempts to send gathered information to a remote machine.


The trojan contains a list of (2) URLs. The HTTP protocol is used.

Other information

It can execute the following operations:

  • send files to a remote computer
  • run executable files
  • send gathered information

Please enable Javascript to ensure correct displaying of this content and refresh this page.