Posted: December 3, 2019

iWorm Description

iWorm is a backdoor Trojan targeting OS X systems. iWorm gives attackers control over your computer through a concealed backdoor and is notable for abusing Reddit forums for part of its Command & Control (C&C) communications. OS X users should avoid illegitimate Flash updates and, in most circumstances, let a compatible anti-malware tool delete iWorm immediately.

A Trojan with Creative Abuses for Forum Posts

While Mac-oriented Trojan campaigns and infections are a minority, dwarfed by their Windows counterparts, the few that do exist are notably similar to one another. For example, iWorm (a backdoor Trojan, despite its name, rather than a worm), active from 2014 to 2016, uses standard persistence methods for the OS X environment while giving its handlers equally unsurprising intrusion and control capabilities. If anything stands out about iWorm, it is not what it does, but part of how it does it: with the help of social media.

iWorm is a backdoor Trojan whose command-executing features imply a botnet structure that takes over arbitrarily targeted OS X computers and recruits them as 'zombies' for DDoS attacks, cryptocurrency mining or pay-per-click fraud. Although iWorm uses regular Web servers for its Command & Control contacts, from which it receives its instructions, there is an interesting detail in how it finds them. Instead of using hard-coded IP addresses or a more conventional form of dynamic address book, iWorm reads its C&C addresses from posts in a Reddit sub-forum that provides Minecraft server lists. Fortunately, the sub-forum is no longer operational, which leaves iWorm a crippled threat with no way to re-establish contact with its operators over the long term.
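The detail above, a forum listing used as a "dead drop" for C&C addresses, is something a defender can look for on the network side: a browser fetching Reddit is normal, but a background process that is not a browser fetching the same listing over and over is not. The following is an added example written for this page, not code from the original post or from any product it mentions. It runs a simple two-signal check over a constructed endpoint log (the CSV format, host names, process names and paths are all invented for the example; `BROWSER_PROCESSES` and `POLL_THRESHOLD` are assumed site-specific tuning values).

```python
"""Added example: flag non-browser processes polling a forum used as a C&C dead drop.

The log format, host and process names below are constructed for this example and
are not the output of any real product or an indicator from any real sample.
"""
import csv
import io
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed endpoint log: one record per outbound HTTP(S) request from a Mac.
SAMPLE_LOG = """\
ts,host,process,dest_host,path
2019-12-03T10:00:01Z,mac-01,Safari,www.reddit.com,/r/minecraft
2019-12-03T10:00:07Z,mac-01,Google Chrome,www.reddit.com,/r/minecraft/comments/abc
2019-12-03T10:01:13Z,mac-02,flashupdate-helper,www.reddit.com,/r/example_servers/search.json?q=xyz
2019-12-03T10:06:14Z,mac-02,flashupdate-helper,www.reddit.com,/r/example_servers/search.json?q=xyz
2019-12-03T10:11:12Z,mac-02,flashupdate-helper,www.reddit.com,/r/example_servers/search.json?q=xyz
2019-12-03T10:02:40Z,mac-03,curl,old.reddit.com,/r/example_servers.json
2019-12-03T10:03:00Z,mac-03,Safari,github.com,/apple
"""

# Assumption: the site's allow-list of processes expected to browse forums.
BROWSER_PROCESSES = {"Safari", "Google Chrome", "firefox"}
# The page names Reddit as the dead-drop host; other forum domains can be added.
DEAD_DROP_DOMAINS = ("reddit.com",)
# Assumption: fetching the same listing this many times in one log window is beacon-like.
POLL_THRESHOLD = 3


@dataclass(frozen=True)
class Alert:
    host: str
    process: str
    dest_host: str
    path: str
    reason: str


def is_dead_drop_domain(dest_host: str) -> bool:
    """True for the domain itself or any subdomain (www., old., ...), not look-alikes."""
    return any(dest_host == d or dest_host.endswith("." + d) for d in DEAD_DROP_DOMAINS)


def detect(log_text: str) -> List[Alert]:
    """Return one alert per (host, process, dest_host, path) that trips either signal."""
    # Count requests to the dead-drop domain per originating process and listing.
    groups: Counter = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if is_dead_drop_domain(row["dest_host"]):
            groups[(row["host"], row["process"], row["dest_host"], row["path"])] += 1

    alerts: List[Alert] = []
    for (host, proc, dest, path), n in sorted(groups.items()):
        reasons = []
        # Signal 1: a process that is not a browser has no business reading a forum.
        if proc not in BROWSER_PROCESSES:
            reasons.append("non-browser process")
        # Signal 2: the same listing fetched repeatedly looks like C&C polling.
        if n >= POLL_THRESHOLD:
            reasons.append(f"fetched {n} times")
        if reasons:
            alerts.append(Alert(host, proc, dest, path, "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.host}: {a.process} -> {a.dest_host}{a.path} [{a.reason}]")
```

On the constructed log this flags the `flashupdate-helper` process on `mac-02` (non-browser and polling) and the one-off `curl` request on `mac-03`, while the browser traffic on `mac-01` produces nothing. The same two signals apply to any dead-drop host, not just Reddit; the value of the check is that it does not depend on knowing the specific sub-forum or search string a given sample uses.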

However, iWorm's payload includes numerous features that show its operators intended to make abusive use of infected OS X computers. The Trojan could download files automatically, execute Lua scripts, relay traffic, update its botnet information, and send system information to its attackers.

How Your Flash Patch Opens Up an Unwanted Door

iWorm's old campaign relied on a social engineering tactic that traded on Adobe's reputation for credibility. Fake Flash updates delivered iWorm through pop-ups dressed with the appropriate logos and related imagery, although in some instances the attempt failed because of bugs that were never analyzed. Interestingly, iWorm is not a port of an earlier threat for another OS, and no versions of it appear to exist for Windows, Linux, or other platforms.

Malware researchers find most iWorm infections centered in the United States, Canada, and the United Kingdom, in that order of prominence, with the remainder spread across other nations throughout the world. Mac OS X users should avoid unsafe update sources, particularly pop-ups from advertising networks or websites not endorsed by Adobe, and scan all downloads before opening them.

Compatible anti-malware tools can delete iWorm or quarantine it safely for further analysis by security researchers. iWorm's hijacking of a legitimate business service is not the first time this has happened, but its implementation is a somewhat novel one. Any helpful tool, even something as simple as a forum for talking to others, can be turned into a danger to others when attackers put their minds to it.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to iWorm may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
