OSX.Domen

Short bio

OSX.Domen is Malwarebytes' detection name for a Trojan dropper targeting MacOS systems.

Symptoms

Users may have seen a browser or browser related update when visiting a website.

browser update

 

Resulting in the download of the dropper.

Domen dropper

Type and source of infection

OSX.Domen is spread by the social engineering kit Domen which presents fake updates of several kinds to visitors of compromised websites. The updates can be for Flash player, fonts, or the browser.

Different updates

Trpjan droppers open a way for attack by downloading/decompressing and installing the core malicious modules.

Aftermath

Trojan.droppers are intended to introduce more malware onto a system, so if they have been active you can expect to find more malware.

Protection

Malwarebytes for Windows blocks the Domen exploit kit by using Anti-Exploit technology.

Domen blocked

 

Malwarebytes for Mac detects and removes OSX.Domen.

Remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Related blog content

New social engineering toolkit draws inspiration from previous web campaigns

The state of Mac malware

Select your language

New Buy Online Partner Icon Warning Icon Edge icon