OSX/Iservice [Threat Name] go to Threat

OSX/Iservice.AA [Threat Variant Name]

Category trojan
Size 413568 B
Aliases Backdoor.OSX.iWorm.a (Kaspersky)
  OSX.Iservice (Symantec)
  OSX/IWService.a (McAfee)
Short description

The trojan serves as a backdoor. It can be controlled remotely.


When executed, the trojan copies itself into the /usr/bin folder using the following name:

  • iWorkServices

The trojan creates the following files:

  • /System/Library/StartupItems/iWorkServices/StartupParameters.plist
  • /System/Library/StartupItems/iWorkServices/iWorkServices

This causes the trojan to be executed on every system start.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (2) addresses. It uses its own P2P network for communication.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • execute shell commands
  • open ports

The trojan creates the following files:

  • /tmp/.iWorkServices

Please enable Javascript to ensure correct displaying of this content and refresh this page.