Remove OSX.Netwire Backdoor Trojan from Mac (Update August 2019)

Update August 2019. OSX.Netwire, also known as the Netwire backdoor or Netwire Trojan, is a Trojan horse that is currently targeting Mac users. The threat opens a backdoor on the compromised system, which may lead to various malicious outcomes.

The Trojan may have the ability to execute remote commands, download files and transfer data, and it could further allow hackers to access and fully control your Mac. Furthermore, the Netwire Trojan could help them steal your sensitive information. If you see an OSX.Netwire detection on your Mac, we recommend that you follow our removal guide.

Threat Summary

Name: OSX.Netwire
Type: Backdoor Trojan for macOS
Short Description: Aims to sneak into your Mac undetected to perform a series of malicious activities.
Symptoms: The malware aims to remain undetected, so no evident symptoms may be registered.
Distribution Method: Malspam, compromised websites

OSX.Netwire Backdoor Trojan – Details

Note. The OSX.Netwire Trojan is being distributed by exploiting CVE-2019-11707, a security vulnerability in the Mozilla Firefox browser. It is “a type confusion vulnerability” that can be triggered when manipulating JavaScript objects, due to issues in Array.pop, and it can allow for an exploitable crash. Security researchers are aware of targeted attacks in the wild abusing the vulnerability.

Symantec security researchers were also able to determine that OSX.Netwire is capable of creating the following files on an infected Mac:

%Home%/.defaults/Finder.app/Contents/MacOS/Finder
%Home%/.defaults/Finder.app/Contents/MacOS/.settings.conf
%Home%/.defaults/Finder.app/Contents/Info.plist
%Home%/Library/LaunchAgents/com.mac.host.plist

Once this is done, the malware opens a backdoor and connects to a remote location. As long as the connection remains uninterrupted, the attackers could perform all of the actions listed below:

  • Gather information about your computer
  • Send a list of currently-running processes
  • Kill processes
  • Run or delete files
  • Receive files from, or send files to, a remote server
  • Uninstall itself
  • Send an Apple event to initiate your computer to sleep, restart, shut down and log out
  • Open a bash shell command prompt
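
The file paths Symantec lists above can be used as host indicators. The following read-only shell script is an added example, not part of the original article or of any vendor tool; it checks one or more home directories for those paths. The function names and the `--scan` argument are assumptions of this example, and `%Home%` is taken to mean the user's home directory.

```shell
#!/bin/sh
# Added example: look for the OSX.Netwire file artifacts listed on this page.
# Read-only: it reports what exists and deletes nothing.

# Paths relative to a home directory (the page writes them as %Home%/...).
# Note the fake Finder.app inside a hidden ~/.defaults directory; the real
# Finder lives in /System/Library/CoreServices.
NETWIRE_PATHS='.defaults/Finder.app/Contents/MacOS/Finder
.defaults/Finder.app/Contents/MacOS/.settings.conf
.defaults/Finder.app/Contents/Info.plist
Library/LaunchAgents/com.mac.host.plist'

# netwire_hits HOME_DIR: print every listed artifact present under HOME_DIR.
netwire_hits() {
    nh_home=$1
    printf '%s\n' "$NETWIRE_PATHS" | while IFS= read -r rel; do
        # -L also catches a dangling symlink placed at one of the paths.
        if [ -e "$nh_home/$rel" ] || [ -L "$nh_home/$rel" ]; then
            printf '%s\n' "$nh_home/$rel"
        fi
    done
}

# netwire_scan HOME_DIR...: report hits for each home directory.
# Returns 0 if nothing was found, 1 if at least one artifact exists.
netwire_scan() {
    found=0
    for scan_home in "$@"; do
        hits=$(netwire_hits "$scan_home")
        [ -n "$hits" ] || continue
        found=1
        printf 'OSX.Netwire artifacts under %s:\n%s\n' "$scan_home" "$hits"
        agent="$scan_home/Library/LaunchAgents/com.mac.host.plist"
        # plutil ships with macOS; print what the launch agent would start.
        if [ -f "$agent" ] && command -v plutil >/dev/null 2>&1; then
            plutil -p "$agent" || true
        fi
    done
    return "$found"
}

# Scan only when asked to, e.g.:  sh netwire_check.sh --scan /Users/*
if [ "${1:-}" = "--scan" ]; then
    shift
    [ "$#" -gt 0 ] || set -- "$HOME"
    netwire_scan "$@"
fi
```

A hit on any of the four paths is worth investigating even if the others are absent, since partial cleanup can leave the LaunchAgent or the hidden bundle behind.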

Another threat similar to OSX.Netwire is the Longage.A Backdoor Trojan.

Remove OSX.Netwire Backdoor Trojan from Your Mac

To remove the OSX.Netwire Trojan along with all associated files that enable it to perform various malicious activities, you should complete several removal steps. The guide below lists all removal steps in their precise order. You can choose between a manual and an automatic removal approach. To fully get rid of this nasty malware and strengthen the security of your device, we recommend that you combine the steps.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
