OSX/Sabpab [Threat Name] go to Threat
OSX/Sabpab.A [Threat Variant Name]
|Detection created||Apr 16, 2012|
|Signature database version||7059|
The trojan serves as a backdoor. It can be controlled remotely.
When executed, the trojan copies itself into the following location:
In order to be executed on every system start, the trojan creates the following file:
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains an URL address. The HTTP protocol is used.
It can execute the following operations:
- send the list of files on specific drive to a remote computer
- download files from a remote computer and/or the Internet
- send files to a remote computer
- run executable files
- capture screenshots