It is likely that cyber criminals use Tarmac to proliferate malware (infect computers with other malicious programs).įor example, ransomware, banking malware, etc. Other commands might be used to download, install, and execute various applications. These can be used to perform various actions.įor example, to force browsers to open addresses that lead to the download web pages of software (possibly, malware). Tarmac receives commands through the Command & Control server.
Once installation of Tarmac is complete, WebView loads a legitimate installer of Flash Player just to trick users into believing that the installation is successful.
If the victim enters it, Tarmac loads WebView, which mimics the installer of Flash Player, however, the malware will run even if the credentials are not entered - entering them will simply lead to opening the fake Adobe Flash Player installer and, potentially, login/password theft (this data is often saved to a remote server). Once this is done, it asks the user to enter the administrator's password. The Tarmac launcher loads this malware from its folder (Player.app/Contents/Resources/Player.app/Contents/MacOS/CB61E0A8408E) with administrator privileges. The OSX/Shlayer.D script achieves this by connecting to the Control and Command server of Tarmac malware, downloading and then executing an encrypted archive that contains Tarmac. OSX/Shlayer.D malware downloads and executes Tarmac using two applications that embed two code-signed and RSA-encrypted scripts. To prevent this, we strongly recommend that you remove Tarmac from your system immediately. I.e., to infect computers with other malware. Tarmac can be used to download, install, and execute malicious apps. OSX/Shlayer.D typically injects Tarmac via fake Adobe Flash updaters/installers. This trojan is distributed through other malware called OSX/Shlayer.D, which is a new variant of the OSX/Shlayer malicious program. Tarmac is malicious software categorized as a trojan and also known by the name OSX/Tarmac.
0 kommentar(er)
