Trojan.MacOS.Clapzok.A


Threat Scorecard

Threat Level: 90% (High)
Infected Computers: 1
First Seen: January 20, 2021
Last Seen: January 20, 2021

Trojan.MacOS.Clapzok.A is the detection name for Clapzok, a multiplatform file infector trojan. The file infector designation stems from Clapzok's ability to copy its code into other applications. In other words, Clapzok can self-propagate once it has infected a system.

This may sound scary, and it potentially could be. However, Clapzok has been around for about 15 years (8 years for the Mac version), and it is a PoC (Proof of Concept) virus. This means that it was developed to point out a security flaw and doesn’t necessarily pose any risk. In Clapzok’s case, the developer is researcher JPanic. Clapzok was first introduced as a PoC in 2006, but at the time it wasn’t compatible with Mac systems. Since the concept was a file infector, the only thing the original Clapzok does is copy its code into other files and applications.

That being said, if a cybercriminal with enough knowledge and skill were to get their hands on the source code for the Mac version, they could in theory create a trojan that does much more than just self-propagate. Fortunately, the behavior of Clapzok isn’t all that stealthy, and it is well known to security specialists. Any decent security solution for Mac should be able to detect and fully eradicate Clapzok. Manual removal is still possible, but would only be an option for experienced security experts.


