
FireSight

  1. Zip Devil.app was ignored (seems to be the primary installation source; an advertisement hijacks the person's browser, bringing them to zipdevil.com, and gets them to download it, which results in the Genio infection), and MWB missed a bunch of files in the LaunchAgents folder (they were all something.something.plist; the middle part started with tiv or til, but I didn't think to write it down before I cleaned everything up). If I get another one of these in after the holidays, I'll make sure to grab a complete file list and upload the files.
  2. Hi, I work as IT helpdesk at a medium-sized nonprofit that has a lot of Macs deployed. Recently we have been seeing a rash of people whose computers have the InstallMac trojan running on them. This trojan waits 30-45 minutes after the computer starts up and then launches a process that appears as AppSO in the Activity Monitor process list. It proceeds to eat all the processing power on a single CPU, and does nothing but fill up the computer's RAM, eventually turning the entire hard drive into swap space... which then causes everything to lock up until you hard-reboot the computer. Malwarebytes Anti-Malware for Mac seems to identify ONE of the source files for this trojan, but ignores the rest of them and the application it is usually bundled with (ZipDevil.app). There is a good post on the Apple forums that describes where the other files hide and how they are named. It would be nice if MWB could have its detection system updated so that it checks for the other known files, since I currently have to root everything out by hand. https://discussions.apple.com/thread/7230519?start=0&tstart=0