{
	"id": "86c1f017-4983-406f-9a44-ad7a1e1145fc",
	"created_at": "2026-04-06T00:16:57.411871Z",
	"updated_at": "2026-04-10T13:12:07.035506Z",
	"deleted_at": null,
	"sha1_hash": "d072a9181f1eab78600e7d0a3ea6552a44fe249c",
	"title": "Criminals gain control over Mac with BackDoor.Olyx",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54829,
	"plain_text": "Criminals gain control over Mac with BackDoor.Olyx\r\nPublished: 2011-06-22 · Archived: 2026-04-05 22:49:29 UTC\r\nBy continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies\r\nrelated to the collection of visitor statistics.\r\nLearn more\r\n22.06.2011\r\nReal-time threat news | Virus alerts\r\nJune 22, 2011\r\nDoctor Web—the leading Russian developer of anti-virus software —informs users that its virus analysts\r\nhave discovered a new threat to computers running Mac OS X. BackDoor.Olyx is the second known\r\nbackdoor for the operating system. If a machine is compromised by the malware, attackers get an\r\nopportunity to covertly control the computer. The backdoor receives commands from a remote server to\r\ncreate, transfer, rename, delete various files, as well as some other instructions.\r\nThe number of malicious programs for MAC OS X is small, especially compared with the number of threats to\r\nWindows. Until recently only one backdoor program for the OS was known—BackDoor.DarkHole. Versions of\r\nthis malware exist for Mac OS X and for Windows. When launched, it enables hackers to open web pages in the\r\ndefault browser on the infected machine, restart the computer remotely and perform various operations with files.\r\nNow, in the Dr.Web virus database contains entries for both BackDoor.DarkHole and BackDoor.Olyx.\r\nThe program gets to a user's computer as an application designed for Macs featuring the Intel-compatible\r\narchitecture, BackDoor.Olyx creates the /Library/Application Support/google/ directory on the disk to which it\r\nsaves a file named startp. Then BackDoor.Olyx places the file /Library/\r\nLaunchAgents/www.google.com.tstart.plist into the home directory, and uses the file to launch the malicious\r\nobject after a system reboot.\r\nAfter that the program moves itself to a temporary folder named google.tmp to delete the executable from its\r\noriginal location. As the name implies, BackDoor.Olyx operates in an infected system as a backdoor which\r\nhttps://news.drweb.com/show/?i=1750\u0026lng=en\u0026c=14\r\nPage 1 of 2\n\nincludes downloading and running malicious files on infected machines and executing various commands in the\r\n/bin/bash shell. Thus, attackers can gain control over an infected computer without the user's knowledge.\r\nUsers of Dr.Web for Mac OS X can rest assured about the security of their computers, since the signature of the\r\nmalware has already been added to the Dr.Web virus database. To prevent BackDoor.Olyx from infecting\r\nsystems, users of Dr.Web for Mac OS X are recommended to enable automatic updating and scan their hard drives\r\nregularly.\r\n1750 en 5\r\n0\r\nDoctor Web’s Q1 2026 review of virus activity on mobile devices\r\n01.04.2026\r\nVirus reviews\r\nRead\r\nDoctor Web’s Q1 2026 virus activity review\r\n01.04.2026\r\nVirus reviews\r\nRead\r\nDr.Web for personal computers receives SKD AWARDS product excellence distinction\r\n24.03.2026\r\nCorporate news | Dr.Web products\r\nRead\r\nSource: https://news.drweb.com/show/?i=1750\u0026lng=en\u0026c=14\r\nhttps://news.drweb.com/show/?i=1750\u0026lng=en\u0026c=14\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://news.drweb.com/show/?i=1750\u0026lng=en\u0026c=14"
	],
	"report_names": [
		"?i=1750\u0026lng=en\u0026c=14"
	],
	"threat_actors": [],
	"ts_created_at": 1775434617,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d072a9181f1eab78600e7d0a3ea6552a44fe249c.pdf",
		"text": "https://archive.orkl.eu/d072a9181f1eab78600e7d0a3ea6552a44fe249c.txt",
		"img": "https://archive.orkl.eu/d072a9181f1eab78600e7d0a3ea6552a44fe249c.jpg"
	}
}