One thing loved by Mac OS and Linux user is, the minimum of virus attack. Even it can be said that both operating system free from dangerous virus! But that record is broken a bit by the finding of stealing-password-trojan which attacked Mac OS and Linux. Not just stealing password, the Trojan also acted like keylogger which is able to record our keyboard activity!
Russian Antivirus company, Doctor Web, was the first company which found this dangerous Trojan. They called the Trojan as BackDoor.Wirenet.1. This Trojan is the first stealing-password-Trojan which attacked Mac OS and Linux.
This Trojan acted by duplicating themselves in home directory of their user (folder% home% / WIFIADAPT.app.app for Mac OS and ~ / WIFIADAPT for Linux). Then the Trojan uses AES encryption to communicate with server which has IP IP 220.127.116.11
This Trojan then will steal password stored in various popular internet application like Opera, Firefox, Chrome, Thunderbird, SeaMonkey, Pidgin, etc.
This Trojan will also act like keylogger which will record all things we typed via keyboard.
To overcome the Trojan, you can clean this Trojan manually by this way:
1. Do file searching which contained title: WIFIADAPT and delete all of them
2. Block IP 18.104.22.168 so that your computer cannot communicate with the Trojan server.
To delete it automatically, you can download Dr. Web Anti-virus trial version here:
Doctor Web hasn’t found any clue about how this Trojan distribution method. However, there are many of Linux or Mac OS users considered this Trojan spread won’t be too “far”. It because permission system of both operating system is quite strong and make difficulties for virus users.
As Linux user, SOT suggested you to be more careful when installing application outside repository. Because who knows, that’s where this Trojan come from.