YAT: Yet Another Trojan

[Xairbusdriver]

Intego reports another Trojan attack <Pint-Sized Backdoor for OS X Discovered> that creates some files that run other scripts in a secure (encrypted) shell. Here is a list of files that it creates and where you can easily look for them.

com.apple.cocoa.plist
cupsd (Mach-O binary)
com.apple.cupsd.plist
com.apple.cups.plist
com.apple.env.plist

Look for these files in:

~/Library/LaunchAgents
System/Library/LaunchAgents
System/Library/LaunchDaemons
Library/LaunchAgents
Library/LaunchDaemons

If any are found, gather them into a folder, compress the folder and move it to your Desktop. You will be asked for your Admin password. Restart the Mac. Check those locations again. Don't provide your Admin password when you don't understand why it is being asked for.

[krissel]

iClean.  

[dolphin]

iClean too!!!

[LR827]

Thanks, that was very helpful. I didn't find any of the listed files, but the emotional security is great.
Lorraine

[Xairbusdriver]

This one affects people who play Minecraft (which requires Java) AND who want to control other player's access to the game. In other words, evil people who like to play with known security risking software. Surely none of those at TS. But you can pass along the link to the info if you have any evil friends!

<Minecraft Hack Kit.jar>

Basically, this malware is loaded when a Minecraft player decides to cheat and/or wants to control who can play the game by taking gaining Moderator authority. It will, in reality, send the player's info (passwords, etc.) to the malware creators. I'm sure those nice people are simply trying to keep everyone honest; they will surely report the people who download the malware to the Admins at Minecraft...