OSX.Poseidon


Short bio

OSX.Poseidon is Malwarebytes’ detection name for an information stealer targeting macOS systems, otherwise known as OSX.RodStealer.

Symptoms

Affected users may notice the following indicators of compromise (IOCs):

Google ad domain

arcthost[.]org

Fake website for Arc

arc-download[.]com

Download URL

zestyahhdog[.]com/Arc12645413[.]dmg

Payload SHA256

c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05

C2

79.137.192[.]4/p2p
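
The following is an added example, not part of the original Malwarebytes page: a small Python checker that refangs the indicators listed above, matches them against web proxy log lines on a hostname label boundary (so look-alike hosts do not trigger), and compares a file's SHA-256 with the payload hash. The function names, the log format and the sample log lines are assumptions made for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

# IOC hosts exactly as listed on this page, kept defanged in source and refanged at runtime.
DEFANGED_HOSTS = ["arcthost[.]org", "arc-download[.]com", "zestyahhdog[.]com", "79.137.192[.]4"]
PAYLOAD_SHA256 = "c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05"

def refang(value):
    """Turn a defanged indicator such as example[.]com back into its real form."""
    return value.replace("[.]", ".")

IOC_HOSTS = {refang(h).lower() for h in DEFANGED_HOSTS}

def host_matches(host):
    """True if host is an IOC host or a subdomain of one (label-boundary match)."""
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in IOC_HOSTS)

def scan_proxy_log(lines):
    """Return (line_number, host) for every log line whose URL host matches an IOC."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for url in re.findall(r"https?://\S+", line):
            host = urlsplit(url).hostname or ""
            if host_matches(host):
                hits.append((number, host))
    return hits

def file_matches_payload(path):
    """Stream a file through SHA-256 and compare with the payload hash from the page."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == PAYLOAD_SHA256

# Constructed sample proxy log (assumed format; timestamps, clients, methods and schemes are made up).
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.5 GET https://arc-download.com/ 200",
    "2024-01-01T10:00:07Z 10.0.0.5 GET https://zestyahhdog.com/Arc12645413.dmg 200",
    "2024-01-01T10:00:09Z 10.0.0.8 GET https://notarc-download.com/ 200",        # look-alike, no hit
    "2024-01-01T10:01:30Z 10.0.0.5 POST http://79.137.192.4/p2p 200",
    "2024-01-01T10:02:00Z 10.0.0.9 GET https://example.org/?ref=arcthost.org 200",  # IOC only in query
]

if __name__ == "__main__":
    for number, host in scan_proxy_log(SAMPLE_LOG):
        print(f"line {number}: contacted IOC host {host}")
```

Matching on the parsed hostname rather than on a raw substring is what keeps the look-alike host and the query-string mention from being reported.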

Type and source of infection

The installer for OSX.Poseidon is offered as popular software on fake websites. The downloaded DMG file resembles what one would expect when installing a new Mac application, except that it prompts the user to right-click to open the file, a trick to bypass security protections.
Info stealers are a type of malware that resides in an infected computer and gathers data in order to send it to the attacker.

Protection

Malwarebytes for Mac detects and removes OSX.Poseidon.

Remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.