iMuler

aka Revir

iMuler, also known as Revir, is a macOS malware family.

Background

This was multi-stage malware that showed the victim a decoy in the form of a Chinese-language article about the long-standing Diaoyu Islands dispute, a set of erotic photos, or pictures of Tibetan organisations. It operated in two stages: Revir served as the dropper/downloader, while iMuler was the backdoor, able to perform the following actions:

  • capture screenshots
  • exfiltrate files to a remote computer
  • send various information about the infected computer
  • extract ZIP archives
  • download files from a remote computer and/or the Internet
  • run executable files

Source: Malpedia (Fraunhofer FKIE).