{"id":14485,"date":"2013-05-21T12:54:29","date_gmt":"2013-05-21T19:54:29","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=14485"},"modified":"2016-10-06T12:09:30","modified_gmt":"2016-10-06T19:09:30","slug":"yet-another-filesteal-variant-found-today","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/","title":{"rendered":"Yet Another FileSteal Variant Found Today"},"content":{"rendered":"<p>As we predicted in our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/two-new-variants-of-backdoor-trojan-found-targeting-activists\/\">previous post on OSX\/FileSteal<\/a>, a new sample of FileSteal has been found. It was found on VirusTotal earlier today, though the sample seems to have been created in December of 2012. It is already detected by VirusBarrier as an OSX\/FileSteal.A.<\/p>\n<p>The server used by this variant is at:<\/p>\n<ul>\n<li>liveapple.eu\/MEny\/upload.php<\/li>\n<\/ul>\n<p>At the time of writing, the site was not responding.<\/p>\n<p>It comes in a ZIP archive with the following file name:<\/p>\n<ul>\n<li>Christmas_Card.app.zip (SHA256 &#8211; 07062d9ecb16bd3a4ea00d434f469fe63d5c1c95d1b4903705de31353e9c92ce)<\/li>\n<\/ul>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/05\/ChristmasCard.png\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-14487\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/05\/ChristmasCard.png\" alt=\"Christmas_Card.app\" width=\"156\" height=\"121\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/05\/ChristmasCard.png 156w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/05\/ChristmasCard-150x116.png 150w\" sizes=\"(max-width: 156px) 100vw, 156px\" \/><\/a><\/p>\n<p>Inside the ZIP is an application with the following name:<\/p>\n<ul>\n<li>FileBackup (SHA256 &#8211; 
e25bc53c1255507d17d7fa5cf79721d413f97250f6bf10df93f222f6a3073cf3)<\/li>\n<\/ul>\n<p>This executable is signed with the same revoked developer certificate as the FileSteal.B variant, attributed to &#8220;Rajinder Kumar.&#8221;<\/p>\n<p>It&#8217;s good to remember that this information is useful as what&#8217;s called &#8220;indications of compromise.&#8221; If you see a file that matches these descriptions, there is a good chance that it&#8217;s not a beneficial file. However, this does not mean that any file that doesn&#8217;t match these descriptions will be safe. It&#8217;s not possible to list every place you should avoid on the Internet in order to be safe. There could be malvertisements or compromises that happen at any time, and you should always exercise caution, particularly when you&#8217;re surfing the web or when you receive unexpected files via email.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/virusbarrier\">Intego VirusBarrier<\/a> users with up-to-date virus definitions will detect this trojan as OSX\/FileSteal.A.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As we predicted in our previous post on OSX\/FileSteal, a new sample of FileSteal has been found. It was found on VirusTotal earlier today, though the sample seems to have been created in December of 2012. It is already detected by VirusBarrier as an OSX\/FileSteal.A. The server used by this variant is at: liveapple.eu\/MEny\/upload.php At [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8755,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190,5],"tags":[405,86,399],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"As we predicted in our previous post on OSX\/Filesteal, a new sample of FileSteal has been found. 
It was found on VirusTotal earlier today, though the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Yet Another FileSteal Variant Found Today - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"As we predicted in our previous post on OSX\/Filesteal, a new sample of FileSteal has been found. It was found on VirusTotal earlier today, though the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2013-05-21T19:54:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-06T19:09:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\",\"width\":\"400\",\"height\":\"260\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/\",\"name\":\"Yet Another FileSteal Variant Found Today - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#primaryimage\"},\"datePublished\":\"2013-05-21T19:54:29+00:00\",\"dateModified\":\"2016-10-06T19:09:30+00:00\",\"description\":\"As we predicted in our previous post on OSX\/Filesteal, a new sample of FileSteal has been found. 
It was found on VirusTotal earlier today, though the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Yet Another FileSteal Variant Found Today\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"Yet Another FileSteal Variant Found Today\",\"datePublished\":\"2013-05-21T19:54:29+00:00\",\"dateModified\":\"2016-10-06T19:09:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#webpage\"},\"wordCount\":273,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png\",\"keywords\":[\"Christmas_Card.app\",\"Malware\",\"OSX\/FileSteal\"],\"articleSection\":[\"Malware\",\"Security 
News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"As we predicted in our previous post on OSX\/Filesteal, a new sample of FileSteal has been found. It was found on VirusTotal earlier today, though the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/","og_locale":"en_US","og_type":"article","og_title":"Yet Another FileSteal Variant Found Today - The Mac Security Blog","og_description":"As we predicted in our previous post on OSX\/Filesteal, a new sample of FileSteal has been found. 
It was found on VirusTotal earlier today, though the","og_url":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/","og_site_name":"The Mac Security Blog","article_published_time":"2013-05-21T19:54:29+00:00","article_modified_time":"2016-10-06T19:09:30+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","width":"400","height":"260"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/","name":"Yet Another FileSteal Variant Found Today - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#primaryimage"},"datePublished":"2013-05-21T19:54:29+00:00","dateModified":"2016-10-06T19:09:30+00:00","description":"As we predicted in our previous post on OSX\/Filesteal, a new sample of FileSteal has been found. 
It was found on VirusTotal earlier today, though the","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Yet Another FileSteal Variant Found Today"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"Yet Another FileSteal Variant Found Today","datePublished":"2013-05-21T19:54:29+00:00","dateModified":"2016-10-06T19:09:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#webpage"},"wordCount":273,"commentCount":2,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","keywords":["Christmas_Card.app","Malware","OSX\/FileSteal"],"articleSection":["Malware","Security 
News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/yet-another-filesteal-variant-found-today\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-3LD","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/14485"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=14485"}],"version-history":[{"count":7,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/14485\/revisions"}],"predecessor-version":[{"id":57985,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/14485\/revisions\/57985"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8755"}],"wp:attachment":[{"href":"https:\/\/origin.in
tego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=14485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=14485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=14485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}