Recently, the Russian security firm Dr Web spotted a new piece of Mac malware, “Mac.BackDoor.iWorm”, that used Reddit to communicate with its command and control servers. The malware infected as many as 17,000 Macs, primarily in the US, Canada and the UK.
According to the company, “When Mac.BackDoor.iWorm is initially launched, it saves its configuration data in a separate file and tries to read the contents of the /Library directory to determine which of the installed applications the malware won’t be interacting with.”
Dr Web further added, “If ‘unwanted’ directories can’t be found, the bot uses system queries to determine the home directory of the Mac OS X account under which it is running, checks the availability of its configuration file in the directory, and writes the data needed for it to continue to operate into the file.”
Once on a victim’s machine, the malware opens a port and waits for incoming signals. It then uses Reddit to communicate with its command and control servers.