osx.imuler

iMuler

aka: Revir

The threat was a multi-stage malware displaying a decoy that appeared to the victim as a Chinese language article on the long-running dispute over the Diaoyu Islands; an array of erotic pictures; or images of Tibetan organisations. It consisted of two stages: Revir was the dropper/downloader and Imuler was the backdoor capable of the following operations:

- capture screenshots
- exfiltrate files to a remote computer
- send various information about the infected computer
- extract ZIP archive
- download files from a remote computer and/or the Internet
- run executable files

References
- 2012-11-14, Contagiodump Blog, Mila Parkour: "Group Photos.zip OSX/Revir | OSX/iMuler samples March 2012-November 2012" (iMuler)
- 2012-11-13, Sophos, Graham Cluley: "New variant of Mac Trojan discovered, targeting Tibet" (iMuler)
- 2012-03-16, ESET Research, Alexis Dorais-Joncas: "OSX/Imuler updated: still a threat on Mac OS X" (iMuler)

There is no YARA signature yet.