Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

APT Campaign Exploits Backdoor in Mac OS X Platform

Kaspersky Lab UK : 04 July, 2012  (Technical Article)
Kaspersky Lab has discovered an advanced persistent threat campaign used against political activits and deploying Mac OS X backdoor
APT Campaign Exploits Backdoor in Mac OS X Platform
On 27 June 2012, Kaspersky Lab’s experts intercepted a new wave of Mac OS X attacks targeting Uyghur activists that were part of an Advanced Persistent Threat (APT) campaign.

The APT attackers were sending customised emails to a select number of Uyghur activists who were presumed Mac users. The targeted emails included ZIP attachments inside them, which contained a malicious Mac OS X backdoor. To disguise the malware, the ZIP file showed a JPEG photo together with the malicious application.

Kaspersky Lab’s researchers analysed the Mac OS X backdoor and concluded that the malicious application is a new, and primarily undetected, variant of the MaControl backdoor, which supports both i386 and PowerPC Macs. However, Kaspersky Lab’s system* detects the malicious variant as “Backdoor.OSX.MaControl.b.”

When executed, the MaControl backdoor installs itself inside the victim’s Mac and connects to its Command and Control (C&C) server to get instructions. The backdoor allows its operator to list files, transfer files and generally run commands on the infected Mac computer at will. During the analysis of the malware, Kaspersky Lab identified its C&C server, which is located in China.

“Macs are growing in global popularity, even amongst high-profile people.  Many choose to use Mac OS X computers because they believe it’s safer,” said Costin Raiu, Director of Global Research & Analysis at Kaspersky Lab. “However, we believe that as the adoption increases for Mac OS X, so will both mass-infection attacks and targeted campaigns. Attackers will continue to refine and enhance their methods to mix exploits and social engineering techniques to try and infect victims. Just like PC malware, this combination is commonly the most effective and cybercriminals will continue to challenge Mac OS X users’ security, both technically and psychologically.”

This is not the first time Kaspersky Lab has identified APT-driven attacks targeting Mac OS X users. In April 2012, Kaspersky Lab’s researchers published information about an active APT campaign, SabPub, which was attacking the Mac OS X platform by exploiting an MS Office vulnerability. Once the custom backdoor Trojan infected a victim’s machine, it was able to take screenshots of the user’s current session and execute commands on the infected computer.

Even though the notorious Flashfake Trojan, which helped to create a botnet of 700k+ Mac computers, was the most prominent example of Mac OS X infections, cybercriminals have continued to attack the platform, most notably in targeted campaigns. Several days ago, Apple pulled a claim from their website which said that “a Mac isn't susceptible to the thousands of viruses plaguing Windows-based computers.”

The Mac OS X security landscape continues to change in 2012 as cybercriminals target the platform with various types of techniques and methods.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo