Osx.Trojan.EmPyre-6852410-0 has been dropped.

On Wed, Feb 13, 2019 at 9:04 PM Al Varnell <alvarnell@mac.com> wrote:
Not only that, it's the installer package for an update to the macOS Malware Removal Tool and only being detected by ClamAV here:
<https://www.virustotal.com/#/file/c81d0180cbfa858d6f3faf445514cbb53675d4f469beaa5638eb95a3a8d5d0f1/detection>.

Sent from my iPad

-Al-

On Feb 13, 2019, at 14:40, Mark Allan <markjallan@gmail.com> wrote:

Hey folks,

Signature "Osx.Trojan.EmPyre-6852410-0" is generating an FP against a file signed and distributed by Apple.

File hash isĀ c81d0180cbfa858d6f3faf445514cbb53675d4f469beaa5638eb95a3a8d5d0f1

Mark
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975