New Apple Mac OS X malware spreading – Kaspersky
A new backdoor malware is spreading and targeting computers running Apple Inc.'s Mac OS X platform, a computer security firm warned over the weekend.
Kaspersky Lab expert Costin Raiu said the new Mac OS X backdoor variant appears to be targeted at Uyghur activists.
"Perhaps it is no surprise that we are seeing an increase in the number of APT (advanced persistent threat) attacks against such high profile users using Macs," he said in a blog post.
He said their analysis showed the command and control server address is located in China.
"With Macs growing in popularity and their increased adoption by high profile targets, we expect the number of Mac OS X APT attacks will also grow," he added.
Raiu said they intercepted on June 27 a new wave of APT attacks targeting certain Uyghur Mac users.
The attacks arrive as emails with a ZIP file attached. Inside the ZIP file are a JPG photo and a Mac OS X app.
"The application is actually a new, mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs," Raiu said.
Raiu said Kaspersky products detect the malware as Backdoor.OSX.MaControl.b.
When executed, the malware installs itself in the system and connects to its Command and Control server to get instructions.
"The backdoor allows its operator to list files, transfer files and generally, run commands on the infected machine," Raiu said.
But Raiu also noted the malware has spelling errors such as “Recieve” instead of “Receive”; “os verison” instead of “os version”; and “memery” instead of “memory.”
Still, he said the backdoor is quite flexible as its Command and Control servers are stored in a configuration block appended at the end of the file.
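For analysts triaging a sample like the one described, the following added example (not code from Kaspersky or from this article) parses a Universal Binary's fat header, lists its architecture slices, and reports any bytes left over after the last slice. It assumes an appended block would sit after the final slice, which the article does not state; the function names and the sample bytes are constructed for illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # big-endian fat header magic (Java class files share it)
CPU_NAMES = {7: "i386", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}

def parse_fat(data):
    """Return (slices, trailing): slices is a list of (arch, offset, size),
    trailing is the number of bytes after the end of the last slice."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, nfat = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a fat (Universal) Mach-O")
    if nfat == 0 or nfat > 16:  # real fat files carry only a few slices
        raise ValueError("implausible slice count")
    if len(data) < 8 + 20 * nfat:
        raise ValueError("truncated fat_arch table")
    slices, end = [], 8 + 20 * nfat
    for i in range(nfat):
        # fat_arch: cputype, cpusubtype, offset, size, align (all big-endian)
        cputype, _sub, offset, size, _align = struct.unpack_from(
            ">iiIII", data, 8 + 20 * i)
        if offset + size > len(data):
            raise ValueError("slice runs past end of file")
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size))
        end = max(end, offset + size)
    return slices, len(data) - end

def triage(data):
    """Summarise architectures and flag data not covered by any slice."""
    slices, trailing = parse_fat(data)
    return {"archs": [a for a, _, _ in slices],
            "trailing_bytes": trailing,
            "flag": trailing > 0}

def build_sample(trailer=b""):
    """Constructed sample: two 64-byte stub slices (i386, ppc) plus a trailer."""
    s1 = b"\xce\xfa\xed\xfe" + b"\x00" * 60  # little-endian Mach-O magic stub
    s2 = b"\xfe\xed\xfa\xce" + b"\x00" * 60  # big-endian Mach-O magic stub
    hdr = struct.pack(">II", FAT_MAGIC, 2)
    hdr += struct.pack(">iiIII", 7, 3, 64, len(s1), 6)
    hdr += struct.pack(">iiIII", 18, 0, 128, len(s2), 6)
    return hdr.ljust(64, b"\x00") + s1 + s2 + trailer

if __name__ == "__main__":
    print(triage(build_sample(b"X" * 32)))  # constructed 32-byte trailer
    print(triage(build_sample()))
```

Trailing bytes are only a triage signal for closer inspection, not proof that a file is malicious.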
"Just like with PC malware, combination of exploits and social engineering tricks are generally the most effective; it won’t be surprising to see a spike in such attacks soon," he warned. — TJD, GMA News