OSX/TrojanDownloader.Jahlav [Threat Name]

OSX/TrojanDownloader.Jahlav.NAK [Threat Variant Name]

Category: trojan
Size: 31232 B
Aliases: Trojan-Downloader.OSX.Jahlav.i (Kaspersky), OSX.RSPlug.A (Symantec)

Short description

OSX/TrojanDownloader.Jahlav.NAK is a trojan which tries to download other malware from the Internet.


When executed, the trojan copies itself into the /Library/Internet Plug-Ins/ folder using the following name:

  • AdobeFlash

The trojan ensures it is run every 5 hours by adding an entry to the crontab configuration file.
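
A host triage check for the two installation artifacts described above, added here as an example and not part of the original write-up. The crontab entry itself is not shown on the page, so the two matching rules (drop path in the command, a /5 step in the hour field) and the function names are assumptions; the sample crontab is constructed.

```shell
#!/bin/sh
# Indicators from the description above: drop path and the reported sample size.
PLUGIN_PATH="/Library/Internet Plug-Ins/AdobeFlash"
SAMPLE_SIZE=31232

# check_plugin_file [ROOT]: report whether the drop file exists under ROOT
# (ROOT is empty for a live system, or the mount point of a disk image).
# A size match is only a hint: other variants may differ in size.
check_plugin_file() {
    f="${1:-}$PLUGIN_PATH"
    [ -f "$f" ] || { echo "absent"; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -eq "$SAMPLE_SIZE" ]; then
        echo "present size=$size (matches reported sample)"
    else
        echo "present size=$size"
    fi
}

# scan_crontab: read crontab text on stdin and print suspicious entries.
# The page does not show the entry itself, so both rules are assumptions:
#   path     - the command references the drop path
#   every-5h - the hour field uses a /5 step (e.g. */5)
scan_crontab() {
    awk -v p="$PLUGIN_PATH" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # VAR=value lines
        {
            reason = ""
            if (index($0, p)) reason = "path"
            if ($1 !~ /^@/ && $2 ~ /\/5$/)
                reason = (reason == "" ? "" : reason "+") "every-5h"
            if (reason != "") print reason ": " $0
        }'
}

# Constructed sample crontab (not taken from an infected host).
SAMPLE_CRON='# nightly backup
MAILTO=admin
30 2 * * * /usr/local/bin/backup.sh
* */5 * * * "/Library/Internet Plug-Ins/AdobeFlash"
0 */5 * * * /usr/bin/true
*/5 * * * * /usr/local/bin/healthcheck'

printf '%s\n' "$SAMPLE_CRON" | scan_crontab
```

On a live Mac, run check_plugin_file with no argument and pipe the output of crontab -l for each user into scan_crontab. A /5 hour step on its own also matches legitimate jobs, so treat it as a lead to review rather than a verdict.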

Other information

The trojan contains a URL. It tries to download several files from that address.

These are stored in the following locations:

  • /tmp/%variable%

A string with variable content is used instead of %variable%.

The files are then executed. The HTTP protocol is used.
