The first Trojan in history to steal Linux and Mac OS X passwords
August 22, 2012
It's not clear yet how the Trojan, which was added to the Dr.Web virus database as Mac.BackDoor.Wirenet.1, spreads. This malicious program is a backdoor that can work under Linux as well as under Mac OS X.
When launched, it creates its copy in the user's home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65.

Mac.BackDoor.Wirenet.1 also operates as a keylogger (it sends gathered keyboard input data to intruders); in addition, it steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin. Anti-virus software from Doctor Web successfully detects and removes the backdoor, so the threat does not pose a serious danger to systems protected by Dr.Web for Mac OS X and Dr.Web for Linux.

![[Blog Dr.Web]](http://st.drweb.com/static/new-www/social/drweb.png)
![[You Tube]](http://st.drweb.com/static/new-www/social/youtube.png)
![[Twitter]](http://st.drweb.com/static/new-www/social/twitter.png)
![[Facebook]](http://st.drweb.com/static/new-www/social/facebook.png)
![[Instagram]](http://st.drweb.com/static/new-www/social/instagram.png)
![[Spiceworks]](http://st.drweb.com/static/new-www/social/spiceworks.png)
Your opinion counts
Sign in or register to comment on our news posts and take advantage of other benefits available to registered users. You will be awarded one Dr.Webling per comment. You can exchange your Dr.Weblings for gift certificates that can be used to purchase Dr.Web at a discount.
Other comments