Mac users at risk of iWorm, OS X malware infecting computers via Reddit

Anu Passary, Tech Times 04 October 2014, 10:10 am

Several Mac users are at a risk of having their machines infected by the iWorm as hackers have tapped a vulnerability in the device's OS X.

The iWorm malware is infecting Mac computers via Reddit to remove user data, as well as conduct several other actions like executing Lua scripts. Hackers are deploying the flaw in the Mac's OS to control several Apple PCs all over the world.

The malware dubbed Mac.BackDoor.iWorm was first discovered by Dr. Web, a Russian security firm. According to the security firm, nearly 17,658 Mac PCs all over the world were infected as of Sept. 26. Of this number, 4,610 are in the U.S.

So how does the malware work? Once a Mac is vulnerable to iWorm, the malware attempts to establish a link to a command server and waits for an inward connection. Once iWorm is installed it generates a file and unlocks a port on the infected PC to get a control server address list. Once a connection to the remote server is established, the hackers can initiate commands to the infected PC or "botnet." Botnets are usually deployed to send spam messages or deluge websites with traffic so that they crash.

The malware was apparently able to use the search function on Reddit to locate comments that were left by the hackers in a discussion pertaining to Minecraft on the site. The Reddit thread has been shut down since. However, it is likely that the malware's creators have put up an alternate server list elsewhere. Currently, it seems that the botnets are not being used to generate any attacks and the hackers are likely expanding their network as of now.

If your Mac PC is infected by the iWorm malware then it will be able to collect and relay sensitive user data, put your PC to sleep, download files, send a GET query and perform several other backdoor operations.

To check if your Mac has been infected by iWorm, from the OS X Finder tab navigate to Go > Go to Folder. Next, type /Library/Application Support/JavaW. If your PC is unable to find the said folder you are safe. However, if you do locate the folder, use an anti-virus to remove iWorm from your drive.