
How to know if you have been infected with Mac.Backdoor.iWorm

A new threat has been discovered and dubbed Mac.BackDoor.iWorm. Affecting several thousand iMacs and MacBooks, the malware opens a port on your computer and tries to connect to a server that it finds by browsing comments left by the hackers in the /r/minecraft subreddit of Reddit (a social network; Minecraft is the popular game that was recently purchased by Microsoft) (source). Hackers mainly use the infected computers to send spam emails, mine bitcoins or launch DDoS attacks.

How to know if you have been infected with the Mac Backdoor iWorm Virus

It is very simple to check and can be done by anyone. Open Finder and choose Go to Folder from the Go menu (located at the top of the screen). A window will pop up; in it, type the following line:

/Library/Application Support/JavaW

If the folder can’t be found, your computer hasn’t been infected and is OK.

If the folder is there, your computer has been infected. You can simply remove the folder, but it is impossible to know whether the hackers are already using your computer. To be safe, the best thing to do is to erase your Mac’s hard drive.
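The same check can be run from Terminal. The script below is an added example, not part of the original article: the function name `iworm_check` and its optional root-prefix argument (for checking a mounted copy of a disk) are assumptions, and the scan of /Library/LaunchDaemons for entries that mention the JavaW path goes beyond the Finder check, using only the folder names given in this article.

```shell
#!/bin/sh
# Added example: look for the folder this article names as the infection
# indicator, and for launch daemon files that point at it.
# Usage (after loading this file):  iworm_check            # running system
#                                   iworm_check /Volumes/X # mounted copy (assumed path)
# Returns 0 when nothing is found, 1 when an indicator is present.

iworm_check() {
    root="${1:-}"    # empty prefix means the running system
    indicator="$root/Library/Application Support/JavaW"
    daemons="$root/Library/LaunchDaemons"
    found=0

    # 1. The folder check described in the article.
    if [ -d "$indicator" ]; then
        echo "FOUND: $indicator"
        found=1
    fi

    # 2. Any launch daemon file whose contents reference that folder.
    #    Deleting the folder alone would leave such an entry behind.
    if [ -d "$daemons" ]; then
        for f in "$daemons"/*; do
            [ -f "$f" ] || continue
            if grep -q "Application Support/JavaW" "$f" 2>/dev/null; then
                echo "REFERENCE: $f"
                found=1
            fi
        done
    fi

    if [ "$found" -eq 0 ]; then
        echo "No JavaW folder or references found under ${root:-/}"
    fi
    return "$found"
}
```

A clean result only means these two indicators are absent; it does not inspect /private/var/root/, which needs administrator rights to read.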

How to prevent getting infected with the Mac.Backdoor.iWorm virus

While removing the virus is hard, it is easier to protect yourself against it. The following will create a pop-up message if the folder that infects your computer is created, letting you know you have been infected. If this happens at any time, make sure to disconnect your Mac from the internet and try to remove the folder. Here is how:

  • /Library/Application Support/JavaW
  • /Library/LaunchDaemons
  • /private/var/root/

Right-click and select the line of text of one of the folders shown above, click on “Services” and then “Folder Action Setup”. Enable the following (see image).

On the right side of the window (next to Edit Script), click on the + sign, highlight “add – new item alert.scpt” and click “Attach”. Repeat this process for each folder! (source)