{"id":7102,"date":"2012-11-12T12:40:09","date_gmt":"2012-11-12T20:40:09","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=7102"},"modified":"2016-02-12T10:32:51","modified_gmt":"2016-02-12T18:32:51","slug":"new-osx-imuler-variant-targeting-tibetan-activists","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/","title":{"rendered":"New OSX\/Imuler Variant Targeting Tibetan Activists"},"content":{"rendered":"<p>A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. This varies little from the <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-imuler-variant-found-steer-clear-of-your-dirty-pics\/\">previous Imuler variant, OSX\/Imuler.D<\/a>. There have been a variety of droppers seen, the most recent of which purport to be group photos of Tibetan organizations.<\/p>\n<p align=\"center\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-7111\" title=\"tibetan-group-photo\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/tibetan-group-photo.jpg\" alt=\"\" width=\"500\" height=\"350\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/tibetan-group-photo.jpg 500w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/tibetan-group-photo-150x105.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/tibetan-group-photo-300x210.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/tibetan-group-photo-100x70.jpg 100w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p align=\"center\"><em>Photo used as bait for social engineering with Imuler variant<\/em><\/p>\n<p>This backdoor Trojan family was first discovered in September 2011 as a\u00a0<a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-pdf-trojan-horse-surfaces-threat-is-low\/\">Mac PDF Trojan 
horse<\/a>\u00a0and has been targeting activist organizations with emails containing what appear to be pictures. Each variant has tried a different tactic, either scaring or enticing its target into opening the file.<\/p>\n<p>As with previous variants, once the Trojan is active, Imuler calls home and awaits further instructions. The Trojan survives reboot until the malicious files are removed.<\/p>\n<p>The Imuler Trojan has two main methods of stealing information:<\/p>\n<ol>\n<li>It searches the system for user data<\/li>\n<li>It can also take screenshots<\/li>\n<\/ol>\n<p>This data is then uploaded to the controller\u2019s server. The Trojan creates a unique identifier for the specific Mac so that the data it collects can be linked to that machine. The backdoor also allows new files to be downloaded onto an affected system.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/virusbarrier\">Intego VirusBarrier<\/a> users with up-to-date virus definitions are protected from this threat, which is detected as Trojan:OSX\/Imuler.E.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. This varies little from the previous Imuler variant, OSX\/Imuler.D. There have been a variety of droppers seen, the most recent of which purport to be group photos of Tibetan organizations. Photo used as bait for social engineering with Imuler variant This backdoor Trojan [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8763,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[86,2770,2773],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. 
This varies little from the previous Imular variant,\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New OSX\/Imuler Variant Targeting Tibetan Activists - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. This varies little from the previous Imular variant,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-11-12T20:40:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-02-12T18:32:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"width\":\"400\",\"height\":\"260\",\"caption\":\"Malware Alert from Intego\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/\",\"name\":\"New OSX\/Imuler Variant Targeting Tibetan Activists - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#primaryimage\"},\"datePublished\":\"2012-11-12T20:40:09+00:00\",\"dateModified\":\"2016-02-12T18:32:51+00:00\",\"description\":\"A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. 
This varies little from the previous Imular variant,\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New OSX\/Imuler Variant Targeting Tibetan Activists\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"New OSX\/Imuler Variant Targeting Tibetan 
Activists\",\"datePublished\":\"2012-11-12T20:40:09+00:00\",\"dateModified\":\"2016-02-12T18:32:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#webpage\"},\"wordCount\":222,\"commentCount\":4,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"keywords\":[\"Malware\",\"OSX\/Imuler\",\"Tibetan\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. 
This varies little from the previous Imular variant,","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/","og_locale":"en_US","og_type":"article","og_title":"New OSX\/Imuler Variant Targeting Tibetan Activists - The Mac Security Blog","og_description":"A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. This varies little from the previous Imular variant,","og_url":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/","og_site_name":"The Mac Security Blog","article_published_time":"2012-11-12T20:40:09+00:00","article_modified_time":"2016-02-12T18:32:51+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","width":"400","height":"260","caption":"Malware Alert from 
Intego"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/","name":"New OSX\/Imuler Variant Targeting Tibetan Activists - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#primaryimage"},"datePublished":"2012-11-12T20:40:09+00:00","dateModified":"2016-02-12T18:32:51+00:00","description":"A new OSX\/Imuler variant, detected as OSX\/Imuler.E, has been targeting Tibetan activists. This varies little from the previous Imular variant,","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"New OSX\/Imuler Variant Targeting Tibetan Activists"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"New OSX\/Imuler Variant Targeting Tibetan 
Activists","datePublished":"2012-11-12T20:40:09+00:00","dateModified":"2016-02-12T18:32:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#webpage"},"wordCount":222,"commentCount":4,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","keywords":["Malware","OSX\/Imuler","Tibetan"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/new-osx-imuler-variant-targeting-tibetan-activists\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","caption":"Lysa 
Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-1Qy","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/7102"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=7102"}],"version-history":[{"count":15,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/7102\/revisions"}],"predecessor-version":[{"id":8787,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/7102\/revisions\/8787"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8763"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=7102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=7102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=7102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}