Digita Security

Cybersecurity solutions for the

  • modern
  • mobile
  • independent
  • innovative
  • enterprising

macOS workforce

8.28.2009 ( Version -4 )

RSPlugA

Also Known As: OSX/DNSChanger, OSX/Puper

OSX/RSPlug is an OS X trojan variant of OSX/DNSChanger first discovered in 2007. It was disguised as video codecs and offered primarily on adult web sites. Once installed, the malware manipulated DNS settings on the victim computer to redirect web requests to phishing websites and ads for other adult sites [1]. OSX/RSPlugA was one of the first two signatures introduced into XProtect, when silently released as a part of Mac OS X 10.6.0 Snow Leopard [2].

References:
  1. https://en.wikipedia.org/wiki/RSPlug
  2. http://www.macworld.com/article/1142457/snowleopard_malware.html

Sample Hashes (VT links):
c6f0284d3449fa1e5c463b8076df5bf7d02db79521d5c141f409cdf37045cf5d