A picture of a smooching couple actually
delivers a kiss of death to Mac OS X users – it’s a new Mac Trojan which
opens a backdoor on users’ machines. It’s the second piece of Mac
malware detected in a week, and was picked up on VirusTotal, sent in by a
user in Belarus.
Mac security experts Intego said in a blog post, “A new Mac Trojan
has been discovered that creates a backdoor on an affected user’s
machine. At the time of writing, the Command and Control (C&C)
server is down and no longer sending commands to affected users. This
appears to be a targeted attack, though the method of delivery is not
yet known. So, while this has been affecting users in the wild, the
overall threat level appears to be low.”
The Trojan attempts to download an image file of a logo for hacktivist group Syrian Electronic Army. It’s not clear whether the malware is the work of the group.
“At this time, we are unaware how it is sent to affected
users,” Intego said. “The malware could likely be sent by email or
placed on a website as part of a watering hole attack, for instance.
Depending on how the file is received, the behavior of the file in OS X
may be slightly different.”
Intego says that when installed, the Trojan attempts to conceal
itself, disguises itself as an ordinary image file, and gets to work.
“It then opens the JPEG image inside the Application
bundle with the standard OS X application Preview, which fools the user
into thinking that it was just an image file. The Trojan application
installs a permanent backdoor that allows the attacker to send a variety
of commands,” Intego said.
In a detailed blog post exploring the myths around Mac malware,
ESET Senior Researcher Stephen Cobb says, “Many people have repeated
the statement that Macs can’t catch viruses. There may be a qualified
sense in which that is true, but it obscures the wider reality that Macs
can, and do, get hit with other forms of malicious software.”
Last week, Mac malware targeting Tibetan activists was shared on VirusTotal. ESET reports on previous malware targeting Tibetan activists can be found here.
ESET Senior Research Fellow David Harley says, in a post on Mac Virus,
“I suspect that Apple will slipstream detection for [the Tibet
malware] into XProtect.plist sooner rather than later. In any case, its
actual spread is almost certainly as light as you’d expect from targeted
malware. It seems to have crossed the AV radar because of a sample sent
to VirusTotal, not as a result of user reports.”
Harley is to deliver a presentation on Mac malware at this year’s
Virus Bulletin 2013 conference in Berlin, Germany, from 2-4 October.