Intego Warns of ‘NetWeird’ Mac Malware

Intego researchers recently came across a new backdoor called OSX/NetWeirdRC, which is being sold online for as little as $60.

“NetWeird was uncovered targeting the Apple Mac operating system earlier in August,” writes’s Alastair Stevenson. “It works by installing itself into the user’s home directory as an application bundle called”

“In testing, it was found that this malware is not persistent — perhaps due to a bug, it does not restart after a reboot, and will lie dormant unless it is manually restarted or removed,” writes Intego’s Lysa Myers.

“It adds itself to your login items, presumably with the intention of loading up every time you reboot your Mac. But a bug means that it adds itself as a folder, not an application,” writes Sophos’ Paul Ducklin. “All that happens when you log back in is that Finder pops up and displays your home directory.”

“Even better, Mountain Lion’s default security settings prevent this particular piece of malware from even being installed,” writes WebProNews’ Zach Walton. “The latest version of Mac OS X will prevent any software not from the app store or a verified developer from being installed.”

“In another light, NetWeird simply represents criminals trying to out-scam each other,” writes InformationWeek’s Mathew J. Schwartz. “Just as scammers use scareware to socially engineer consumers into paying for products that pretend to rid their PCs of viruses they don’t have, some malware developers are now selling bargain-rate, busted Mac botnet toolkits to unsuspecting buyers. ‘It would seem that you get what you pay for, even in the malware world,’ said Myers.”

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles