Trend Micro TrendLabs Malware Blog
    Archive for March 10th, 2014

    Last month, security researchers released a report about a targeted attack operation which they named Careto, or Mask in Spanish. The attack was noted for encoding its configuration data and encrypting its network traffic, making analysis more difficult.

    However, the capabilities of the Mac malware used in Careto were not as sophisticated as those of its Windows counterpart. (We detect this as OSX_CARETO.A.) It connects to a hardcoded command-and-control (C&C) server and runs /bin/sh to open a shell, which then executes commands sent from the C&C server. This particular backdoor is only approximately 88 kilobytes in size, which is not particularly large, especially since it contains both 32- and 64-bit code. Even so, analyzing this malware is not easy, because of the encoding and encryption mentioned above. In this blog post, we look into the details of that encoding and encryption.

    Figure 1. File structure of OSX_CARETO.A
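    A binary that "contains both 32- and 64-bit code" on OS X is normally a universal (fat) Mach-O: a big-endian fat header listing one slice per architecture, each slice being a thin Mach-O. Below is an added example (not code from the TrendLabs post or from the malware) showing how an analyst can enumerate those slices and confirm that an i386 and an x86_64 slice are both present before picking one to disassemble. The sample bytes are constructed here and are not OSX_CARETO.A; the structure constants come from the public Mach-O headers (mach-o/fat.h, mach/machine.h).

```python
import struct

# Fat (universal) header magic, stored big-endian in the file.
FAT_MAGIC = 0xCAFEBABE
# Thin Mach-O magics; on x86 these are stored little-endian inside each slice.
MH_MAGIC = 0xFEEDFACE      # 32-bit Mach-O
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O

CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 0x00000007
CPU_TYPE_X86_64 = CPU_TYPE_X86 | CPU_ARCH_ABI64
CPU_NAMES = {CPU_TYPE_X86: "i386", CPU_TYPE_X86_64: "x86_64"}

FAT_HEADER_FMT = ">II"        # magic, nfat_arch
FAT_ARCH_FMT = ">iiIII"       # cputype, cpusubtype, offset, size, align
FAT_ARCH_SIZE = struct.calcsize(FAT_ARCH_FMT)


def parse_fat_header(data):
    """Return [(cputype, offset, size), ...] for each slice of a fat Mach-O.

    Returns [] when the data is not a fat binary (e.g. a thin Mach-O) and
    raises ValueError when the header claims slices that cannot fit in the file.
    """
    if len(data) < struct.calcsize(FAT_HEADER_FMT):
        return []
    magic, nfat = struct.unpack(FAT_HEADER_FMT, data[:8])
    if magic != FAT_MAGIC:
        return []
    # Sanity check before trusting nfat_arch from an untrusted file.
    if nfat == 0 or 8 + nfat * FAT_ARCH_SIZE > len(data):
        raise ValueError("truncated or implausible fat header")
    slices = []
    for i in range(nfat):
        off = 8 + i * FAT_ARCH_SIZE
        cputype, _subtype, offset, size, _align = struct.unpack(
            FAT_ARCH_FMT, data[off:off + FAT_ARCH_SIZE])
        if offset + size > len(data):
            raise ValueError("slice %d extends past end of file" % i)
        slices.append((cputype, offset, size))
    return slices


def slice_names(data):
    """Human-readable architecture names of each slice, in header order."""
    return [CPU_NAMES.get(c, "cputype=0x%x" % c) for c, _, _ in parse_fat_header(data)]


def has_both_x86_slices(data):
    """True when the file carries both an i386 and an x86_64 slice."""
    types = {c for c, _, _ in parse_fat_header(data)}
    return CPU_TYPE_X86 in types and CPU_TYPE_X86_64 in types


def check_slice_magics(data):
    """For each slice, True if its thin Mach-O magic matches the bitness the fat
    header claims for it. A mismatch is a sign of a corrupted or crafted file."""
    results = []
    for cputype, offset, size in parse_fat_header(data):
        if size < 4:
            results.append(False)
            continue
        magic = struct.unpack("<I", data[offset:offset + 4])[0]
        expected = MH_MAGIC_64 if cputype & CPU_ARCH_ABI64 else MH_MAGIC
        results.append(magic == expected)
    return results


def build_sample():
    """Constructed universal binary: one i386 and one x86_64 slice, each a stub
    carrying only a Mach-O magic. This is sample data, not the real backdoor."""
    slice32 = struct.pack("<I", MH_MAGIC) + b"\x00" * 12
    slice64 = struct.pack("<I", MH_MAGIC_64) + b"\x00" * 12
    off32, off64 = 4096, 8192  # real fat files page-align slices (align = 2**12)
    hdr = struct.pack(FAT_HEADER_FMT, FAT_MAGIC, 2)
    hdr += struct.pack(FAT_ARCH_FMT, CPU_TYPE_X86, 3, off32, len(slice32), 12)
    hdr += struct.pack(FAT_ARCH_FMT, CPU_TYPE_X86_64, 3, off64, len(slice64), 12)
    data = hdr + b"\x00" * (off32 - len(hdr)) + slice32
    data += b"\x00" * (off64 - len(data)) + slice64
    return data


if __name__ == "__main__":
    sample = build_sample()
    print("slices:", slice_names(sample))
    print("both 32- and 64-bit x86 code:", has_both_x86_slices(sample))
    print("slice magics consistent:", check_slice_magics(sample))
```

    On a real file, read it with open(path, "rb") and pass the bytes to the same functions; a thin binary returns an empty slice list, so the 32- and 64-bit code would then have to live inside a single image rather than in separate slices.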


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice