New APT Trojan Targets Mac OS X
Kaspersky Lab discovered a new wave of Mac OS X attacks used as part of an Advanced Persistent Threat campaign, paving the way for partners to fill in security gaps and further underscoring the platform is far from immune to security threats.
Most recently, Kaspersky researchers found that threats targeting the Mac OS X platform have been used as part of a comprehensive campaign targeting Uyghur activists – apparently presumed to be using Macs – through customized e-mails with attached ZIP files carrying a malicious Mac OS X backdoor.
Like untold threats targeting Windows, the infected ZIP file is delivered as a phishing attack leveraging social engineering by enticing victims with a JPEG photo that masks the malware.
The Mac OS X attack appears to be a new threat – the most recent variant of the MaControl backdoor Trojan, which supports both i386 and PowerPC Macs. Once it gains entry, the Trojan installs itself and immediately connects back to its command center, which appears to be located in China. The backdoor then has the ability to list and transfer files, as well as run commands on the victim’s Mac at the discretion of the malware’s operators.
The new MaControl variant is the latest in a string of recent APT-driven attacks this year targeting the Mac OS X platform. In April, Kaspersky detected an active APT campaign, the so-called SabPub, which targets Mac OS X by exploiting a vulnerability in MS Office running on the platform. Once the Trojan was installed on a victim’s Mac, it could take screenshots of the user’s current session and execute commands on the infected computer.
Prior to that, the Flashfake Trojan ran rampant on Macs, creating a botnet comprised of more than 700,000 infected computers.
While Mac threats haven’t yet reached the same heights as their Windows counterparts, the numbers are on a steady incline and will continue to grow, thanks in large part to a rising Mac OS X market share.
That said, the barrage of new Mac threats could open up new opportunities for security partners with tried-and-true mechanisms long-deployed on Windows environments. For one, the rising tide of Mac threats may easily pave the way for channel partners to add Mac security products and mechanisms to their portfolio.
Also, unlike previous years, the highly publicized spate of Mac threats will allow partners to start conversations with their customers regarding their Mac environments’ security.
Historically, with market share in the single digits, Mac OS X has not been a highly lucrative target for cybercriminals. As such, Macs became known as the “secure” platform, lulling users into a false sense of security and making them largely resistant to any external security product or best practice.
That might be changing. As threats targeting the Mac platform continue to emerge, many users will have to play catch-up with everything from security best practices and awareness to products and management for Mac environments.
These knowledge gaps open windows of opportunity for the channel, enabling partners to essentially go back to square one with basic security consulting services, and standard security software dedicated to the Mac OS X platform once thought to be immune to threats.
2 Responses to “New APT Trojan Targets Mac OS X”
That’s funny Aidan because all that I hear from our resident Macheads is we can’t get viruses and when I was on Windows I got them all the time. Which should tell you what type of users really gravitate towards the platform. In fact, I think in most cases they might be exactly what you say they are now.
The myths that Apple itself perpetuates to sell its platform are glaring – better for graphics, better for sound, and my favorites, don’t crash and don’t get any kind of malware. Not only are none of these true, the last two can lead to users not practicing data safety and not taking precautions.
The actual fact-based analysis I see is that Mac OS X isn’t really any more secure than Windows but has just been a lower priority target. With the numbers growing and a large number of users not even bothering to buy security software this is a recipe for disaster.
Common sense is hopefully not platform-specific. If an end user is naive or careless enough to open up attachments they are unsure of, they might have problems. However, that has nothing to do with Macs per se. The ‘Flash’ trojan affected 1% of Mac users who perhaps belonged to the ‘less-than-careful’ category. What is of constant annoyance is the suggestion that Mac users are by default inherently more gullible than their Windows counterparts. The majority of OS X users have moved from Windows and are well aware that there are bad guys out there. We are not smug or complacent but just sleep a little better than we used to.