OSX.SmoothOperator

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

OSX.SmoothOperator is Malwarebytes’ detection name for the files used in a supply-chain attack on 3CX software for macOS

Type of infection

OSX.SmoothOperator is a backdoor created by a supply-chain attack on the 3CX Desktop App for macOS client versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416. A component that was modified upstream downloads and installs a backdoor which appears to be legitimately signed. The backdoor payload was found to be an information stealer.

Protection

Malwarebytes for Mac detects and removes OSX.SmoothOperator.

Home remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Similiar detections

OSX.Banshee OSX.Poseidon OSX.Pirrit OSX.AtomStealer OSX.Genieo OSX.MacStealer OSX.MalProxy Ransom.OSX.EvilQuest OSX.LaoShu OSX.CDDS View all OSX detections >

Products

Services

Why ThreatDown

Get Help

Managed Services Terms & Conditions

Detection Details