OSX/Lamadai [Threat Name] go to Threat

OSX/Lamadai.A [Threat Variant Name]

Category trojan
Size 60100 B
Detection created Mar 26, 2012
Signature database version 7001
Aliases Backdoor.OSX.Lasyr.a (Kaspersky)
  OSX/Olyx (McAfee)
  Backdoor.Olyx (Symantec)
  Backdoor:MacOS_X/Olyx.B (Microsoft)
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

When executed, the trojan copies itself into the following location:

  • /Library/Audio/Plug-Ins/AudioServer

The OSX/Lamadai.A creates the following file:

  • /Library/LaunchAgents/com.apple.DockActions.plist

This causes the trojan to be executed on every application start.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan connects to the following address:

  • dns.as%removed%a.com

It tries to connect to remote machine to port:

  • 8008

The trojan may execute the following commands:

  • execute shell commands
  • download files from a remote computer and/or the Internet
  • send files to a remote computer

Please enable Javascript to ensure correct displaying of this content and refresh this page.