GMA News Online

New python-based malware attack targets Mac, Windows computers

April 29, 2012 1:14pm
Yet another new malware attack has started targeting computers running Apple's Mac OS X platform, prompting a security software firm to warn of further attacks by cyber-criminal gangs.

Sophos said the new attack target both Mac and Windows computers, exploiting a Java security vulnerability that allowed the Flashback botnet to hijack 600,000 Macs.

"This attack is quite different from the earlier Flashback attack, and may indicate that other cyber-criminal gangs are exploring the possibilities of infecting Mac computers," it said in a blog post.

It said the malware exploits a vulnerability in a version of Java on Windows and Mac computers.

Patches for the Java vulnerability had been available since February 14 for Windows, Linux and Unix computers and since early April for Mac users.

Sophos said its antivirus products detect the attack as Mal/20113544-A and Mal/JavaCmC-A.

It noted the malicious Java code downloads further code onto the victim's computer - depending on what operating system they are using.

On Windows, the downloaded file will be detected as Mal/Cleaman-B. On Mac OS X, the downloaded file ( will be detected as OSX/FlsplyDp-A.

The downloaded programs will then install further malicious code - the Troj/FlsplyBD-A backdoor Trojan - on Windows computers, and decrypting a Python script called (extracted from on Mac OS X.

"This Python script acts as a Mac OS X backdoor, allowing remote hackers to secretly send commands, uploading code to the computer, stealing files and running commands without the user's knowledge," Sophos said.

Sophos is adding detection of the final Python script as OSX/FlsplySc-A.

Meanwhile, Sophos said the writers of the Python script had left a clue they may be planning to make developments to their code in the future.

"Although Windows users are generally pretty good about running anti-virus protection, Mac users are only just waking up to the need," it added. — LBG, GMA News
Go to comments

We welcome healthy discussions and friendly debate! Please click Flag to alert us of a comment that may be abusive or threatening. Read our full comment policy here.
Comments Powered by Disqus