{"id":5573,"date":"2012-08-22T10:00:40","date_gmt":"2012-08-22T17:00:40","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=5573"},"modified":"2023-04-06T19:11:06","modified_gmt":"2023-04-07T02:11:06","slug":"an-analysis-of-the-cross-platform-backdoor-netweirdrc","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/","title":{"rendered":"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-51277\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/imac-malware-600.jpeg\" alt=\"\" width=\"600\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/imac-malware-600.jpeg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/imac-malware-600-150x75.jpeg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/03\/imac-malware-600-300x150.jpeg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>A backdoor called <strong>OSX\/NetWeirdRC<\/strong> has been found that affects\u00a0OS X (versions 10.6 and higher), Windows, Linux and Solaris. Much like <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team\/\">OSX\/Crisis<\/a>, this is a commercial remote access tool (RAT) that was leaked to VirusTotal. It sold under the name &#8220;NetWire Remote Control&#8221; through <code>http:\/\/www.worldwiredlabs[.]com\/netwire_\/<\/code>. (<strong>Update:<\/strong> In 2023, <a href=\"https:\/\/www.intego.com\/mac-security-blog\/fbi-shuts-down-11-year-old-netwire-rat-malware\/\">the FBI seized this domain<\/a> as part of a multi-country effort to arrest and prosecute the malware&#8217;s creator.)<\/p>\n<p>This malware appears to be in the wild, but the risk is considered low at this time. It is not known how the malware would arrive, though presumably it would be part of a targeted attack and it would come with a custom dropper or entice the user to run a file through social engineering.<\/p>\n<p>In this article:<\/p>\n<ul>\n<li><a href=\"#what-known\">What else is known about OSX\/NetWeirdRC malware?<\/a><\/li>\n<li><a href=\"#how-to-remove\">How can one remove or prevent OSX\/NetWeirdRC and other Mac malware?<\/a><\/li>\n<li><a href=\"#iocs\">OSX\/NetWeirdRC indicators of compromise (IoCs)<\/a><\/li>\n<li><a href=\"#other-names\">Is OSX\/NetWeirdRC known by any other names?<\/a><\/li>\n<li><a href=\"#learnmore\">How can I learn more?<\/a><a name=\"what-known\"><\/a><\/li>\n<\/ul>\n<h3>What else is known about OSX\/NetWeirdRC malware?<\/h3>\n<p>In testing, it was found that this malware is not persistent. Perhaps due to a bug, it does not restart after a reboot, and will lie dormant unless it is manually restarted or removed. It does attempt to add itself to the login items, but this does not succeed in restarting the malware; it will only open the user&#8217;s home folder at login instead.<\/p>\n<div style=\"text-align: center;\"><img src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/08\/login2.png\" alt=\"\" \/><\/div>\n<p>The sample we received copies itself to the user&#8217;s home directory, though this functionality is configurable and may vary.<\/p>\n<p>Once it is installed, it calls home to the IP address 212.7.208[.]65 on port 4141 and awaits instructions. VirusBarrier&#8217;s firewall alerts at this connection attempt:<\/p>\n<p><img style=\"display: block; margin-left: auto; margin-right: auto;\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/08\/firewalldetects2.png\" alt=\"\" \/><\/p>\n<p>The backdoor offers a number of different functions to perform actions and spy on the user of the infected machine:<\/p>\n<ul>\n<li>Installing new files<\/li>\n<li>Performing commands remotely<\/li>\n<li>Grabbing screenshots<\/li>\n<li>Gathering system information<\/li>\n<li>Gathering information about what programs are running<\/li>\n<li>Stealing encrypted Firefox, Thunderbird, Opera, SeaMonkey passwords<\/li>\n<\/ul>\n<p>A temporary file is created for the malware to know if it has already been installed:<\/p>\n<ul>\n<li><code>\/tmp\/.lbOOjfsO<\/code><\/li>\n<\/ul>\n<p>It&#8217;s interesting to compare and contrast <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team\/\">OSX\/Crisis<\/a> and OSX\/NetWeirdRC, as they are both commercially products. While OSX\/Crisis is an advanced threat which hides itself reasonably well, OSX\/NetWeirdRC has a number of glaring issues. Perhaps the pricetag tells us all we need to know: OSX\/Crisis sells for \u20ac200,000, and\u00a0OSX\/NetWeirdRC starts at $60. The website for the developers of OSX\/NetWeirdRC also lists the undetected nature of this tool as a selling point. It would seem that you get what you pay for, even in the malware world.<a name=\"how-to-remove\"><\/a><\/p>\n<h3>How can one remove or prevent OSX\/NetWeirdRC and other Mac malware?<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-54214\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-300x150.png\" alt=\"Intego X9 software boxes\" width=\"200\" height=\"100\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-300x150.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-150x75.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch.png 600w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/><\/p>\n<p>Intego VirusBarrier X9, included with <strong><a href=\"https:\/\/www.intego.com\/mac-protection-bundle\">Intego&#8217;s Mac Premium Bundle X9<\/a><\/strong>, can protect against, detect, and eliminate this Mac malware. Intego software detects components of this threat (including post-2012 variants) under the names <strong>OSX\/NetWeirdRC.A<\/strong>, <strong>OSX\/NetWeirdRC.B<\/strong>, <strong>OSX\/NetWeirdRC.C<\/strong>, <strong>OSX\/Netweird<\/strong>, <strong>OSX\/Netwire<\/strong>, and <strong>OSX\/Wirenet.gen<\/strong>.<\/p>\n<p>If you believe your Mac may be infected, or to prevent future infections, it&#8217;s best to use antivirus software from a trusted Mac developer. VirusBarrier is award-winning antivirus software, designed by Mac security experts, that includes <a href=\"https:\/\/www.intego.com\/mac-security-blog\/why-your-antivirus-needs-real-time-scanning\/\">real-time protection<\/a>. It runs natively on a wide range of Mac hardware and operating systems, including the very latest Macs.<\/p>\n<p>If you use a Windows PC, <a href=\"https:\/\/www.intego.com\/intego-antivirus\"><strong>Intego Antivirus for Windows<\/strong><\/a> can keep your computer protected from PC malware.<\/p>\n<p><span style=\"font-size: small;\">Note: Intego customers running VirusBarrier X8, X7, or X6 on older versions of Mac OS X are also protected from this threat. It is best to upgrade to the latest versions of VirusBarrier and macOS, if possible, to ensure your Mac gets all the latest security updates from Apple<\/span><span style=\"font-size: small;\">.<\/span><a name=\"iocs\"><\/a><\/p>\n<h3>OSX\/NetWeirdRC indicators of compromise (IoCs)<\/h3>\n<p>Files with the following SHA-256 hashes have been identified as affiliated with OSX\/NetWeird-related malware campaigns:<\/p>\n<pre>0257340cffb6e7de6196028e2d871433730ae1f6622253fcf819df83864ece93\r\n07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4\r\n099b54c9e58542157d2af77467fd6a87fc21d1c237c24a453db0636b89cad1f1\r\n0a66ad9f40dee1d551e9f84c0c583c3dadb18f994700e139dd5c0c7b656a25ad\r\n0b99f06c5dd77698c4f76e2cfe688e5d53d026656f4b7f3ebb19195fadf69d25\r\n137e17ed0c693f5ba23c3f3bf252f7edc29548d97f426625a4e0c5fea0558e45\r\n13e84de1b5f590dbdec61eda5887b04663e5ad7028efc6903959352a61904118\r\n15360f7beb82a7a184a74d2759fbe6afb978357032131a5e33898502ad327a36\r\n1ba1deff19d51be41a54a77097281fcd64059c67d54ec3b958e3f0ec116ec958\r\n1f43aa172d2410617e0953ad90feff0dd5dca95a0a5faeb63fe1978064696505\r\n21deb6a949e5a60618b673553053ee7e4d46da8a883e29bb769c8fe87f561496\r\n224f11055513981bcd359f0708418dfc83145830d9cc4dc503ffed4bee7a5037\r\n233a49aa956e9ec66fe42ef7eead89a982ac007ea7cf611d0f69edf303fed054\r\n233a82465ee5beaba103d3d68113633e60ff5be94fda969d8c7402da46469ca9\r\n257da8c8b296dac6b029004ed06253fe622c5438b4a47b7dfbb87323b64f50a1\r\n267296cabfe19868d4a216ca5d43405004fe7a24d3481f013c7432879d48b65b\r\n26a0ca13e857b8f6260ceea4373cbfde1526f8d7df9cf27926959df1f63dadf5\r\n299d1dac2509abf3e7b42b6baa31156fdad1b1c0fe7e23d38682b4be9faf2b0a\r\n2c5e2bf468fc668e00b83211d296773112372bf40f1cdad9b6eb5f10b621e360\r\n2d1c3294b5736477e67e57660c9add00baa430697b9785de9f3a7b601137af00\r\n2f67d158b0e8332490e9ade7e95a457dc65d27293cf30916698c70bcebb20c75\r\n30bd7ce96a4b309c3f34971520129ce2f467a3d845fd59d865480e045d318f19\r\n33cd09b8de74375d13ca6d25066d011a719a83b324e9349d95ab9943d9465a40\r\n342cb128e98d7573a68441c7dd00a86b81dcbba69a8c682a231494797181821d\r\n3abc49bf515c29b33f1f723ea105a4ab50398675117201e08900ac0e0d3107e9\r\n3addeebf734e6f11e755bf31b559081d9a6020358952136c330c7004e10725b6\r\n3af947c08ecbb727cc7889e903e1de162673c6ee7cc1ffe5f2ae5a51e3feb48b\r\n412d076d641bb1ff37689e377f584dd320b8c90311777286bcb91260551dec9f\r\n41dfab4ade85a7ea2df6f726ea711b60ddac7aa29d77a6bc5654564dec46cef7\r\n4439d1526dcc2959a563d57da1f582a8106a72472d0842b1de694e823746acc6\r\n44d292854bcccd92089268828121ba9de0ed36d03ab2341f69c161eaee71afb6\r\n4578afe395a2a6cbe6d3dfce76672130d040fbe56032adfe281a0ecb90b245c2\r\n46106474c1e05747a77866e6e6166b31d37e1524e3f3e7d2abca5f3c07454505\r\n4623fd8b5482ec7cc0bbeb797300eb5379a113e3a1e3e4d6ab9d0dbf12ad4b51\r\n485957b4bc9bd7a7bc5c59b3ee6a4fbad48add2707d828ed67953c8a2e6c372a\r\n4a39f30c9e1c7d8db87ad521ca46cd04a4010e23b6fed81fd80df36d3d4be496\r\n4ca7a1cb6df3e3d09776ccff13a1a5224d974608d1dbb2284713ab7a5073ae92\r\n4ce99350cacd35a09f8da9bb736780f5fbca3d988d61661a1894772df8b64c44\r\n4cecdade7c1b3d34c9c85f3943c3d85fc097ea5260aa8179e887b98ff6236471\r\n4dde93426d6f71b61c42b627a8756b9cac7409da1a5cce62bb6179991973c76c\r\n584727c4af692f1ed52e4fe497a24a7d56aa7a55d25df7dccf305494ecbed0b7\r\n597e18be133ccdbbff1e99ed0f4b0885b8b84699f30374cc0e44807a55c02deb\r\n5ad1a0cd5ce13fe326d5292f643c5e3107c30331041cec8b60cbddb9b1e00739\r\n5d1d6aaa2f62e7f4cdba41ae3b2452fbc5febb3e046a3f583df41b2ae403ca83\r\n5eeea942cae0da69f175d55c1acdc398c657d822d34cf9d30d1476721c7e1f85\r\n6552663756c6a185939e8fff82dab6422213df39bd86a884caf4aef473ae613a\r\n6d1ca151169f24643ab9e298aaf01219eae7f8bae208273a9591f454b93c82ed\r\n6fb51a05b45bd4c9228d5add8a293d4b0d4d8b01e72912f3485b7d8197f62853\r\n74e120057e9ef88f0a5e5fd92b2a248c141fe1ddc616944eff8ff3d4aeb9ff74\r\n758ccff1e232ee02c4ef7013c52e779cd4fc9e18567deb453b7ab2680ceac112\r\n761962723b4fe4d277f89f8b0b60d62229294e3f62abb6ea0581e4e3b8606623\r\n782a7c805e398dbd915555b57966585ccc3ea8c426604dec4568dc8b642f893b\r\n79bb7b4c97a22e994d5a2dc171bb6a625d2d73c9459093055c1215b8d55383fc\r\n7a88a670d608c41abdabb7d57e9580fc63179bd461e31092f0f37d3d718e6925\r\n7b501617d85a6da8b6a6b647617a5dbcb5896b5d91923984c8331229c88b087f\r\n7dac37de8f37f80730bec42646be8e1f6b1353e9d74aeda10cc40c8b22787791\r\n834572938b3d24bf0fe48e9b1c5c5f729eccda23c11e793e6a0f387dbb72b538\r\n892f6f6b554e5aecdb36758be5eb04b606ad4b1ddd34f93195034f43ba27121b\r\n8fab7960a3e73f3b5ca84e60a72e04eb37916444487a77300d629c9e092aafc6\r\n91dcf6049248440b58e3ace7cb518b201dfb5e737a7766cdeb26ae4fd304fcd0\r\n92c2732b906eb08c0b1214dd761f84ad2588b009559c4884a58279a720dc4a01\r\n9859b887d8c89af8c2c962dec318766ed0bffbc0441ca6dddb7fdeddb236d707\r\n9e129a48b2b09760fea0ccc0960a978e497d2a93a54f32435024eaeea4f45a9b\r\na033fb94947caf6c22523af2d660b89d0c0fe6ee0ee200853312f192d29ed964\r\na2e449364b1bc148a19824984010485e2770a2f2e3098a7b59b557a59f735691\r\na55630de60eddd91ad0b511c2224364dc63cecb097c13aaeb48cc64b8d6102dd\r\na621afc6a41cdca7a969c21377ad1f05d70fa1c31488c8c6629dc9a151910ae8\r\nab5ea22c84491097f234a97e9ad3872129a32bcdf95df559f28e4da0f9701e15\r\nacd980754ac3807ba67cbbe7d787fd5804673c8cecc87a114735c965d40f1dd1\r\naf77d91269c731b4624594826b18f8c9b3df08ac80aeae5968db55b33bd3d9f4\r\nc4a8d9e29ebe45081592a75497ea584d0d9619e6c8cbefdf5297c06c1b8d0324\r\nc4cca053f03d6e74568298a9593cc01e0897d4a05e9c32c051b0224c9336f715\r\nc56aa3344fd8b35cf23ad2c806de2c947674517c46ef70b3f63ae0eeefa9f71d\r\nc699a63cb82436867ac04f9ac8942df24f37ea6d08501dd0bc2eb4066edb9504\r\nc96a32eb691bc06578fb6595d4cef8490b1874772acb81f73cf5c416dec6d998\r\ncd71e46adc8740e82cbdb398aa168c746bc29842352834763ae8886910ce10f3\r\nae953ac573d978656232e8fbd117ebdb10cf12e0fee37413cac3dd138b33632b\r\ncda8619bf64d10667476d087286db3d73039d82dd9edb34feffe571a0642c4ff\r\ncede91407b1840db16f892bf61ceffa6dcb64eb180a15de16cc7fd8c7ae53fa9\r\nd0a2ba9568d0f99cf5ee9a40819f29a5a5315d924d4000490d436bfc08b0d617\r\nd5479a47f859b22f7dfd3a078e8984663711cdcdc9adf861fb83d261d6d31a7a\r\ne1b07f323599f1887982c8efd8c253d9a5e3c8524239bb17e5175b47dde8e3a8\r\ne450d451a7f7dd9dacd06a8bb6339aa9473ec1360bc4324b85b7a6758394eae2\r\ne46a31ab634c9a90b378232e8134fb24b395ba275cb9fa53dd22246da8c930b3\r\nedaed9d5fc6d375bc7a19e0707c5b4fdbb98a4431e5dd18f36728d8069197ed1\r\nf54069d1502f2323f8d91110e0e6d2e0da3eba6a73ebcc922770d80302dc19a4\r\nf5aec1d705824e2f41b1f1e07372c4a93f4243656ce60510ec7798b20f10e5be\r\nf626d9437ce1a463775fbafedb8f21acb3a24d7d3b1b026e8b1093d3a32f02e2\r\nf93769a92593cf525ea0ac50fdb8295936ede8e081dd835edba9258651202a32\r\nfb26a41cdbf93f73bdd46593fb7b88f77ff1a7edf55c174500bcf58adb2d1d27\r\nfd2a2f9e9c1d9515bf6a94123df359d50f1d42def1ec2153a6fe8948268c265a\r\nfee253d110ea71891ea8d07934bcf2fd61cd72c1b32d766beabba24901cd223a\r\nff5d5b0bbde9735eeb29f2c7d5dd2bda4fab4cdae796e2541bccf352dfb7a081<\/pre>\n<p>Each of these samples is available on VirusTotal (see lists of samples for <a href=\"https:\/\/www.virustotal.com\/gui\/search\/similar-to%253A41dfab4ade85a7ea2df6f726ea711b60ddac7aa29d77a6bc5654564dec46cef7\/files\" target=\"_blank\" rel=\"noopener\">variant 1<\/a>, <a href=\"https:\/\/www.virustotal.com\/gui\/search\/similar-to%253A6fb51a05b45bd4c9228d5add8a293d4b0d4d8b01e72912f3485b7d8197f62853\/files\" target=\"_blank\" rel=\"noopener\">variant 2<\/a>, <a href=\"https:\/\/www.virustotal.com\/gui\/search\/similar-to%253A07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4\/files\" target=\"_blank\" rel=\"noopener\">variant 3<\/a>, and <a href=\"https:\/\/www.virustotal.com\/gui\/search\/similar-to%253A4cecdade7c1b3d34c9c85f3943c3d85fc097ea5260aa8179e887b98ff6236471\/files\" target=\"_blank\" rel=\"noopener\">variant 4<\/a>). Note that this blog post has been updated to add some newer samples, including <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-malware-on-the-rise-again-several-new-threats-found\/#netwire-mokes\">from 2019<\/a> or later.<a name=\"other-names\"><\/a><\/p>\n<h3>Is OSX\/NetWeirdRC known by any other names?<\/h3>\n<p>Other vendors&#8217; or journalists&#8217; names for this malware campaign may include variations of the following:<\/p>\n<p><span style=\"font-size: small;\">A Variant Of OSX\/Netweird.A, A Variant Of OSX\/Netweird.F, Backdoor:MacOS_X\/NetWiredRC.A, Backdoor:MacOS\/NetWired, Backdoor:MacOS\/Wirenet.4fb9d760, Backdoor:OSX\/NetWeirdRC.A, Backdoor.MacOS.NETWIRED.A, Backdoor.MacOSX.NetWeirdRC.A, Backdoor.NetWire\/OSX!1.D99F (CLASSIC), Backdoor.OSX.NetWeirdRC.A, Backdoor.OSX.NetWiredRC.a (v), Backdoor.OSX.Wirenet.10000077, Backdoor.OSX.Wirenet.a, Backdoor.Trojan, Backdoor.Win32.Generic.FGT, Backdoor.Wirenet.OSX.12, Backdoor.Wirenet.OSX.13, Backdoor.Wirenet.OSX.17, Backdoor.Wirenet.OSX.33, Backdoor.Wirenet.OSX.38, Backdoor.Wirenet\/OSX.a (CLASSIC), DFI &#8211; Suspicious Mach-O, HEUR:Backdoor.OSX.Wirenet.g, HEUR:Backdoor.OSX.Wirenet.h, Mac.BackDoor.Wirenet.1, Mac.BackDoor.Wirenet.5, MAC.OSX.Backdoor.Wirenet.A (B), MAC.OSX.Backdoor.Wirenet.E (B), MAC.OSX.Backdoor.Wirenet.I (B), MAC.OSX.Backdoor.Wirenet.J (B), MAC.OSX.NetWeird.A (B), Mac\/Backdoor.072, MacOS:Netweird-B [Trj], MacOS\/Wirenet.A, MacOS\/Wirenet.B, MacOS\/Wirenet.C, Malware.Generic-Script.Save.af8a464f, Malware.Generic-Script.Save.b7811f5b, Malware.OSX\/Netweird.tbkts, Malware@#15i81g3rc3sef, Malware@#1afq2rvd10wil, Malware@#1f0m269krpw2l, Malware@#1h8tju5hbd21f, Malware@#1hd42vlms8n0z, Malware@#1uzmyxicqk3uv, Malware@#20rfq4tbgqoib, Malware@#21rpfafrtdx2b, Malware@#28x09as6fhwfe, Malware@#2caoj5w0utqjh, Malware@#2gpv2ykp4521v, Malware@#2k8e1hubq5acd, Malware@#2o0859e15qp3n, Malware@#2rjlzn4iz9h25, Malware@#2sgtqzk1lqssy, Malware@#31kj44wfcawer, Malware@#3gv612cqtop6v, Malware@#3s6xew9utef8d, Malware@#3w5a7hy6bca77, Malware@#hqkpyo3ijq8t, Malware@#lh57jy6pg49f, Multi:Wirenet-B [Trj], Net.Backdoor.Wirenet.Mzfl, Net.Backdoor.Wirenet.Syrk, Net.Backdoor.Wirenet.Wnvs, Net.Backdoor.Wirenet.Wrgi, Net.Backdoor.Wirenet.Wstu, Net.Trojan.Netweird.Rzfl, OSX_NETWEIRD.TP, OSX_NETWIRED.A, OSX_NETWRD.A, OSX_WIRENET.AA, OSX_WIRENET.AC, OSX_WIRENET.AE, OSX_WIRENET.AF, OSX_WIRENET.AH, OSX_WIRENET.SM, OSX.Malcol, Osx.Malware.Agent-6997565-0, OSX.Netweird.B, OSX.NetWeird.i, OSX.NetWeird.ii, OSX.Netwire.A, OSX.Trojan.Gen, Osx.Trojan.Netweird-1, Osx.Trojan.Netweird-2, OSX\/BHT.O, OSX\/Generic.af, OSX\/Macho.b, OSX\/Netweird.A!tr, OSX\/Netweird.qkmhq, OSX\/Netweird.tbkts, OSX\/NetWierd, OSX\/NetWired.a, OSX\/NetWrdRC-A, OSX\/NetWrdRC-H, OSX\/OSX_Wirenet.F!tr.bdr, OSX\/Wirenet.63768, OSX\/Wirenet.a, OSX\/Wirenet.A!tr.bdr, OSX\/Wirenet.A.1, OSX\/Wirenet.C, OSX\/Wirenet.M, OSX32-Trojan\/Wirenet.B, OSX32-Trojan\/Wirenet.C, OSX32-Trojan\/Wirenet.D, RDN\/Generic.gci, RDN\/Generic.gfj, RDN\/Generic.osx, Static AI &#8211; Malicious Archive, Static AI &#8211; Malicious Mach-O, Static AI &#8211; Suspicious Mach-O, Trojan ( 3ac000771 ), Trojan ( 3ac070611 ), Trojan:MacOS\/Occamy.AA, Trojan:MacOS\/Vigorf.A, Trojan:MacOS\/Ymacco.AACD, Trojan:Script\/Wacatac.C!ml, Trojan.Agent.gdz (CLASSIC), Trojan.Agent.geb (CLASSIC), Trojan.Mac.Netweird.effjbe, Trojan.Mac.Netweird.eteaqv, Trojan.Mac.Netweird.ffcvyf, Trojan.Mac.Netweird.focmdw, Trojan.Mac.Netweird.frewfz, Trojan.Mac.Netweird.fsnnuy, Trojan.MAC.Netwire.A (B), Trojan.Mac.Wirenet.bbgbyo, Trojan.Mac.Wirenet.bckzzk, Trojan.Mac.Wirenet.bdfnbo, Trojan.Mac.Wirenet.bdvzgt, Trojan.Mac.Wirenet.beacxp, Trojan.Mac.Wirenet.bgwblv, Trojan.Mac.Wirenet.bmveuq, Trojan.Mac.Wirenet.bmvxfe, Trojan.Mac.Wirenet.bmxkqo, Trojan.Mac.Wirenet.bnebyq, Trojan.Mac.Wirenet.bsapjo, Trojan.Mac.Wirenet.ddgtuu, Trojan.Mac.Wirenet.dtkfyv, Trojan.Mac.Wirenet.wpzjm, Trojan.Mac.Wirenet.wqrhp, Trojan.Mac.Wirenet.wqris, Trojan.Mac.Wirenet.yolio, Trojan.Mac.Wirenet.yziuu, Trojan.Malware.74403110.susgen, Trojan.Netweird..1, Trojan.Netweird..10, Trojan.Netweird..11, Trojan.Netweird..12, Trojan.Netweird..16, Trojan.Netweird..2, Trojan.Netweird..28, Trojan.Netweird..29, Trojan.Netweird..3, Trojan.Netweird..30, Trojan.Netweird..4, Trojan.Netweird.OSX.34, Trojan.OSX.Netweird, Trojan.OSX.Netwire, Trojan.OSX.Wirenet.4!c, Trojan.OSX.Wirenet.m!c, Trojan.Win32.OSX.Agent.I, Trojan[Backdoor]\/OSX.Wirenet, Trojan\/Generic.ASSuf.27716, Virus.MAC.OSX.Wirenet.A, W32\/OSX_Wirenet.A!tr.bdr<\/span><a name=\"learnmore\"><\/a><\/p>\n<h3>How can I learn more?<\/h3>\n<p>You may also be interested in <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team\/\">our write-up of OSX\/Crisis<\/a>, another commercial macOS remote access Trojan that Intego discovered in July 2012, just one month before OSX\/NetWeirdRC came to light. See also <a href=\"https:\/\/www.intego.com\/mac-security-blog\/category\/malware\/\">our latest malware write-ups<\/a>.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img class=\"alignleft\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\" alt=\"\" width=\"80\" \/><\/a>Each week on the <a href=\"https:\/\/podcast.intego.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Intego Mac Podcast<\/strong><\/a>, Intego&#8217;s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" rel=\"noopener\"><strong>follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n<p>You can also subscribe to our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-security-newsletter\/\"><strong>e-mail newsletter<\/strong><\/a> and keep an eye here on <a href=\"https:\/\/www.intego.com\/mac-security-blog\"><strong>The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news. And don&#8217;t forget to follow Intego on your favorite social media channels: <a href=\"https:\/\/twitter.com\/IntegoSecurity\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on Twitter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Twitter-logo-icon-64.png\" alt=\"Follow Intego on Twitter\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.facebook.com\/Intego\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on Facebook\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Facebook-logo-icon-64.png\" alt=\"Follow Intego on Facebook\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.youtube.com\/user\/IntegoVideo?sub_confirmation=1\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(0, 0, 0, 0.2); border-radius: 8px;\" title=\"Follow Intego on YouTube\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/YouTube-logo-icon-64.png\" alt=\"Follow Intego on YouTube\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.pinterest.com\/intego\/\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(0, 0, 0, 0.2); border-radius: 8px;\" title=\"Follow Intego on Pinterest\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Pinterest-logo-icon-64.png\" alt=\"Follow Intego on Pinterest\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/intego\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on LinkedIn\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/LinkedIn-logo-icon-64.png\" alt=\"Follow Intego on LinkedIn\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.instagram.com\/intego_security\/\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on Instagram\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Instagram-logo-icon-64.png\" alt=\"Follow Intego on Instagram\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow the Intego Mac Podcast on Apple Podcasts\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png\" alt=\"Follow the Intego Mac Podcast on Apple Podcasts\" width=\"16\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Commercial backdoor malware for Mac called NetWire (OSX\/NetWeirdRC) has been discovered. Here is everything you need to know, including how to remove this infection.<\/p>\n","protected":false},"author":6,"featured_media":8763,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[30,86,2764,3121],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Commercial backdoor malware for Mac called NetWire (OSX\/NetWeirdRC) has been discovered. Here is everything you need to know, including how to remove this infection.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Commercial backdoor malware for Mac called NetWire (OSX\/NetWeirdRC) has been discovered. Here is everything you need to know, including how to remove this infection.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-08-22T17:00:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-07T02:11:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"width\":\"400\",\"height\":\"260\",\"caption\":\"Malware Alert from Intego\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/\",\"name\":\"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#primaryimage\"},\"datePublished\":\"2012-08-22T17:00:40+00:00\",\"dateModified\":\"2023-04-07T02:11:06+00:00\",\"description\":\"Commercial backdoor malware for Mac called NetWire (OSX\/NetWeirdRC) has been discovered. Here is everything you need to know, including how to remove this infection.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC\",\"datePublished\":\"2012-08-22T17:00:40+00:00\",\"dateModified\":\"2023-04-07T02:11:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#webpage\"},\"wordCount\":1447,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"keywords\":[\"Backdoor\",\"Malware\",\"NetWeirdRC\",\"OSX.Netwire.A\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Commercial backdoor malware for Mac called NetWire (OSX\/NetWeirdRC) has been discovered. Here is everything you need to know, including how to remove this infection.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/","og_locale":"en_US","og_type":"article","og_title":"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC - The Mac Security Blog","og_description":"Commercial backdoor malware for Mac called NetWire (OSX\/NetWeirdRC) has been discovered. Here is everything you need to know, including how to remove this infection.","og_url":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/","og_site_name":"The Mac Security Blog","article_published_time":"2012-08-22T17:00:40+00:00","article_modified_time":"2023-04-07T02:11:06+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","width":"400","height":"260","caption":"Malware Alert from Intego"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/","name":"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#primaryimage"},"datePublished":"2012-08-22T17:00:40+00:00","dateModified":"2023-04-07T02:11:06+00:00","description":"Commercial backdoor malware for Mac called NetWire (OSX\/NetWeirdRC) has been discovered. Here is everything you need to know, including how to remove this infection.","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"An Analysis of the Cross-Platform Backdoor OSX\/NetWeirdRC","datePublished":"2012-08-22T17:00:40+00:00","dateModified":"2023-04-07T02:11:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#webpage"},"wordCount":1447,"commentCount":3,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","keywords":["Backdoor","Malware","NetWeirdRC","OSX.Netwire.A"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/an-analysis-of-the-cross-platform-backdoor-netweirdrc\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-1rT","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5573"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=5573"}],"version-history":[{"count":17,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5573\/revisions"}],"predecessor-version":[{"id":97605,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5573\/revisions\/97605"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8763"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=5573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=5573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=5573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}