A multicomponent backdoor targeting Windows, OS X, and several mobile platforms. It is distributed as AdobeFlashPlayer.jar with an invalid digital signature. The backdoor has a set of features to bypass anti-virus and firewall detection and can gain full control over the infected machine. Moreover, it uses rootkit technologies to hide its processes and files when operating on a system (including OS X).
The backdoor has the following modules:
- addressbook
- application
- calendar
- call
- camera
- chat
- clipboard
- device
- keylog
- messages (sms, mms, mail)
- mic
- mouse
- password
- position (wifi, gps, cell)
- screenshot
- url
- file
- infection (mobile, local, usb)
- crisis