top | item 12456131

(no title)

> Is there any diagnostic tool out there to determine if you've been infected?

From what I can tell, they posted the SHA256 of the offending binary under the IOCs section of that web page. So you should be able to do this in the root of your home directory to detect if such a file exists:

# find . -type f -print0 | xargs -0 shasum -a 256 | grep 664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c

discuss

drdrey|9 years ago

Binary checksums are usually not very helpful for identifying malware. The fact that the binary they were looking at was called "unpacked" suggests that there would be packed versions out there, and they would have a different checksum.

clinton_sf|9 years ago

Yes. And the malware could be polymorphic. Or there could be multiple versions of the same "core" out there. It's not clear to me how sophisticated virus (malware) scanners for OS X are with dealing with that.