OSX/Tsunami-A, a new backdoor Trojan horse for Mac OS X, has been discovered.
What makes Tsunami particularly interesting is that it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that once it has embedded itself on a computer system listens to an IRC channel for further instructions.
Typically code like this is used to rally compromised computers into a DDoS (distributed denial-of-service) attack, flooding a website with traffic.
If you were wondering where the name “Tsunami” comes from, that should probably help explain things.
It’s not just a DDoS tool though. As you can see by the portion of OSX/Tsunami’s source code that I have reproduced below, the bash script can be given a variety of different instructions and can be used to remotely access an affected computer.
Sophos’s Mac anti-virus products (including our…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.