A
new variant on a family of Mac OS X malware which targets Tibetan
activists has been found in the wild and shared on the Virus Total
website, where security researchers show off new “finds”.
The malware is distributed by a poisoned Java applet on
websites which have been compromised – known as a “watering hole
attack”. It’s part of a family of malware which has targeted Tibetan
activists. The last new version was found a year ago, according to Intego.
An ESET report on previous malware targeting Tibetan activists can be found here.
ESET Senior Research Fellow David Harley says, in a post on Mac Virus,
“ I suspect that Apple will slipstream detection for it into
XProtect.plist sooner rather than later. In any case, its actual spread
is almost certainly as light as you’d expect from targeted malware. It
seems to have crossed the AV radar because of a sample sent to
VirusTotal, not as a result of user reports.”
In a detailed blog post exploring the myths around Mac malware, ESET
Senior Researcher Stephen Cobb says, “Many people have repeated the
statement that Macs can’t catch viruses. There may be a qualified sense
in which that is true, but it obscures the wider reality that Macs can,
and do, get hit with other forms of malicious software.”“Things have been relatively quiet lately from the authors of the Tibet family of malware, but another variant was found last night on the Virus Total website, which is a site used by security researchers to share malware samples,” Intego said.
“This time, the attack arrives via a Java applet on a web site. This drops a Java archive with the backdoor and launches it without user interaction, by way of a Java vulnerability. When installed, it creates a backdoor to the affected computer, which allows an attacker to view and access files on the computer as well as running commands.”
Independent security researcher Graham Cluley says that
previous attacks in the same “family” have targeted the Tibetan
government and supporters of the Dalai Lama, and says, “If I were a
betting man, I would put money on those responsible for previous attacks
as being likely to be behind OSX/Tibet.C as well.”
Intego has identified the malware as OSX/Tibet.D. It relies on Java
vulnerabilities, so users with out-of-date software are advised to
udpate now.
No comments:
Post a Comment