Kaspersky Lab discovered a new wave of Mac OS X attacks used as part of an Advanced Persistent Threat campaign, paving the way for partners to fill in security gaps and further underscoring that the platform is far from immune to security threats.
Most recently, Kaspersky researchers found that cyberthreats targeting the Mac OS X platform have been used as part of a comprehensive campaign targeting Uyghur activists – apparently presumed to be using Macs – by sending customized e-mails with attached ZIP files carrying a malicious Mac OS X backdoor.
Like countless threats targeting Windows, the infected ZIP file is delivered through phishing, using social engineering to entice victims with a JPEG photo that masks the malware.
The Mac OS X attack appears to be a new threat – the most recent variant of the MaControl backdoor Trojan, which supports both i386 and PowerPC Macs. Once it gains entry, the Trojan installs itself and immediately connects back to its command center, which appears to be located in China. The backdoor then has the ability to list and transfer files, as well as run commands on the victim’s Mac at the discretion of the malware’s operators.
The new MaControl variant is the latest in a string of recent APT-driven attacks this year targeting the Mac OS X platform. In April, Kaspersky detected an active APT campaign, dubbed SabPub, which targets Mac OS X by exploiting a vulnerability in MS Office running on the platform. Once the Trojan was installed on a victim’s Mac, it could take screenshots of the user’s current session and execute commands on the infected computer.
Prior to that, the Flashfake Trojan ran rampant on Macs, creating a botnet composed of more than 700,000 infected computers.
While Mac threats haven’t yet reached the same heights as their Windows counterparts, the numbers are on a steady incline and will continue to grow, thanks in large part to a rising Mac OS X market share.
That said, the barrage of new Mac threats could open up new opportunities for security partners with tried-and-true mechanisms long-deployed on Windows environments. For one, the rising tide of Mac threats may easily pave the way for channel partners to add Mac security products and mechanisms to their portfolio.
Also, unlike previous years, the highly publicized spate of Mac threats will allow partners to start conversations with their customers regarding their Mac environments’ security.
Historically, with market share in the single digits, Mac OS X has not been a highly lucrative target for cybercriminals. As such, Macs became known as the “secure” platform, lulling users into a false sense of security and making them largely resistant to any external security product or best practice.
That might be changing. As threats targeting the Mac platform continue to emerge, many users will have to play catch-up with everything from security best practices and awareness to products and management for Mac environments.
These knowledge gaps open windows of opportunity for the channel, enabling partners to essentially go back to square one with basic security consulting services and standard security software dedicated to the Mac OS X platform, once thought to be immune to threats.