They have named the sample found in the wild as Ventir.
As per Kaspersky, Ventir OS X malware is a keylogger and also contains a backdoor.
It can also be used for spying and stealing information from the victims Mac.
If it has root access, it proceeds to install all the files of the keylogging component.
The root access/access privileges determine how much Ventir can run and the path for installation of Ventir files.
If it has full privileges to the victims computer it downloads additional backdoor components.
As a result, the following files will be installed on the infected system:
?)
if it is /Library/.local/kext.tar.
The following files are extracted from the archive:
B) if it isnt ~/Library/.local/EventMonitor.
source: www.techworm.net
