HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
Tsunami backdoor for Mac OS X discovered
OSX/Tsunami-A, a new backdoor Trojan horse for Mac OS X, has been discovered.
What makes Tsunami particularly interesting is that it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that once it has embedded itself on a computer system listens to an IRC channel for further instructions.
Typically code like this is used to rally compromised computers into a DDoS (distributed denial-of-service) attack, flooding a website with traffic. If you were wondering where the name "Tsunami" comes from, that should probably help explain things. It's not just a DDoS tool though. As you can see by the portion of OSX/Tsunami's source code that I have reproduced below, the bash script can be given a variety of different instructions and can be used to remotely access an affected computer.