New malware Clampzok alters the binary files on Mac OS X

Posted: June 4, 2013 in Vulnerability News
Tags: , ,

New malware Clampzok

New MAC malware Clampzok

Information security specialists say about the identification of a new conceptual attacks aimed at compromising the operating system Mac OS X.

New malware called Clampzok.A is a cross-platform package that puts the appropriate operating system binaries. These files are in the performance of the file system infect nearby binary files..

Malicious software was written in assembly language and originally introduced back in 2006, for Windows and Linux, but now it has been updated to support 32-bit binaries Mach-O in OS X.

In contrast, Trojans, spyware, adware, or hiding in the file system so the user as much as possible not found them, on the contrary this code tries to replicate itself as widely as possible, causing a breach in the operating system. It should be noted that this behavior was extremely unusual for today’s malicious designs.

Clampzok when infected modifies _PAGEZERO segment in the normal binary file and implements the virus code there. In addition, the malware itself does not interfere with the infected file in the system, although the structure of the file appears as a link LC_UNIXTHREAD, sends the OS to a piece of malicious code. The program works this way with all the binaries on OS X, Run for as long as there will be amazed at all the files in the / bin.

It should be noted that the code only works with 32-bit files, but those files in Mac OS X is still quite a lot. In the new OS X and more programs are moving to 64-bit addressing.

One of the unpleasant features of the malware is that it “breaks” signed in the App Store programs and if those were modified binaries, they stop working until the complete removal.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s