Digita Security

Cybersecurity solutions for the

  • modern
  • mobile
  • independent
  • innovative
  • enterprising

macOS workforce

11.30.2017 ( Version 2097 )


Also Known As: OSX/OceanLotus

OSX/HiddenLotus is a malware dropper/application bundle that uses a novel technique to masquerades as a '.pdf'. The 'd' in the extension is actually an encoded Roman numeral. Because it isn't a true '.pdf' extension the pdf handler is not invoked. This causes macOS to fall back to the bundle structure and launch it as an application when double-clicked by the user [1].

  1. https://blog.malwarebytes.com/threat-analysis/2017/12/interesting-disguise-employed-by-new-mac-malware

Sample Hashes (VT links):