After Flashback, new OS X backdoor trojan discovered
Barely had the threat to Apple’s OS X from the Flashback attack died down when new Trojan malware targeting the platform was discovered.
Computer security firm Sophos said the Trojan, dubbed Sabpab, exploits the same drive-by Java vulnerability and does not need any user intervention to infect Mac machines.
“The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely,” it said.
It added that the new Trojan came on the heels of a revelation that up to 600,000 Macs were compromised in the Flashback attack.
Apple has released a Java update for OS X in a bid to prevent Flashback from turning Macs into zombie machines.
Sophos said the new Trojan creates the files /Library/Preferences/com.apple.PubSabAgent.pfile and /Library/LaunchAgents/com.apple.PubSabAGent.plist.
“Encrypted logs are sent back to the control server, so the hackers can monitor activity. The potential for abuse of compromised Macs is obvious,” it said.
“The Sabpab Trojan is not believed to be anything like as widespread as Flashback, but still underlines the importance of protecting Macs against malware with an up-to-date anti-virus program and security updates,” it added.
But Sophos said the important point is that Mac users should realize malware is becoming a “genuine issue” for owners of machines running Apple’s system.
“It’s time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer,” it said. — TJD, GMA News