Kaspersky detects more APT attacks targeting Macs

For second time this year, security company identifies wave of malware capable of giving an outside attacker control over infected Macs

Kaspersky Labs has detected a new wave of Mac OS X APT (advanced persistent threat) attacks, marking the second time this year the security company has presented evidence that the Apple platform is susceptible to such threats.

This particular attack is aimed at Uyghur activists -- but that's no reason for other Mac users to be complacent. "With Macs growing in popularity and their increased adoption by high-profile targets, we expect the number of Mac OS X APT attacks will also grow," cautioned Costin Raiu, a Kaspersky Lab Expert.

Mac's once-pristine security record has steadily tarnished in recent months as the platform continues to rise in popularity. In addition to the Trojan dubbed SabPub that materialized back in April, malware called Flashback reportedly infected at least 600,000 Macs this year. To Apple's credit, the company is at least indirectly acknowledging that its platform isn't bulletproof and is taking steps to make it more secure. For example, the forthcoming OS X 10.8, aka Mountain Lion, will be capable of automatically polling Apple for security updates on a daily basis.

For this newly discovered threat, attackers are sending targeted emails with a ZIP attachment containing a JPEG image and a new, mostly undetected version of the Mac Control backdoor Trojan. Upon execution, the Trojan installs itself on the target machine in typical APT fashion and connects to its command and control server for orders. With the backdoor installed, the attacker effectively has free reign over the infected machine and its contents.

Notably, hackers are using a Windows counterpart of this Trojan -- dubbed Gh0st Rat -- to attack Uyghur PC users, according to AlienVault.

The backdoor is "quite flexible," Raiu wrote. "Its command and control servers are stored in a configuration block which has been appended at the end of the file. The configuration block is obfuscated with a simple 'substract 8' operation."

This Trojan intercepted by Kaspersky connects to a C&C server based in China.

"With Macs growing in popularity and their increased adoption by high-profile targets, we expect the number of Mac OS X APT attacks will also grow," wrote Raiu. "Previous attacks used MS Office exploits; the one described here relies on social engineering to get the user to run the backdoor. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."

This story, "Kaspersky detects more APT attacks targeting Macs," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies