Computer Business Review

More Trojan malware targeting Mac OS X spotted

by CBR Staff Writer| 16 April 2012

A basic backdoor Trojan horse that doesn't require any user interaction to infect a system

Sophos and Kaspersky have identified new malware targeting the Mac OS X operating system, called OSX/Sabpab-A (Kaspersky refers to it as SabPub).

Sabpab, spotted in early April 2012, is a basic backdoor Trojan horse that exploits the same Java vulnerability used by the Flashback attack, which infected about 650,000 Macs earlier this month.

The newly discovered Sabpab malware can upload and download files, run arbitrary commands and take screenshots of infected Macs.

Sophos senior technology consultant Graham Cluley said it connects to a control server using HTTP, receiving commands from remote hackers as to what it should do.

The Trojan creates the files /Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile (the malicious software) and /Users/<user>/Library/LaunchAgents/com.apple.PubSabAgent.plist (to make it persistent), Sophos stated.

"Encrypted logs are sent back to the control server, so the hackers can monitor activity," Cluley added.

Kaspersky said after activation on an infected system the malware connects to a remote website for instructions.

The command and control server was hosted in the US, and used a free dynamic DNS service to route the infected computers' requests.

Sophos said most of the Mac infections took place without user intervention, through exploitation of the Java vulnerability (detected by Sophos as Exp/20120507-A), which was patched on OS X only several weeks after a fix was available for other operating systems.

At present, OSX/Sabpab-A is not removed automatically from Time Machine backups; it can be cleaned up manually within Time Machine by deleting the pfile and plist files named above.
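The two file paths Sophos published, together with the manual Time Machine cleanup, amount to a repeatable check. The script below is an added example written for this page, not code from Sophos, Kaspersky or the article: it scans one or more home directories for the pfile and plist, and removes them on request. Two things in it are assumptions rather than facts from the page: that unloading the launch agent by plist path is enough to stop the job it defines, and that a Time Machine backup keeps the usual Backups.backupdb/<machine>/<snapshot>/<volume>/Users/<user> layout.

```shell
#!/bin/sh
# Added example, not Sophos or Kaspersky code: look for the two OSX/Sabpab-A
# files the article names under a macOS home directory and, if asked, remove
# them. Works on a live home (/Users/<user>) and on the copy of that home
# inside a Time Machine backup.
# Assumptions not stated on the page: the launch agent is unloaded by plist
# path, and the backup uses the standard
# Backups.backupdb/<machine>/<snapshot>/<volume>/Users/<user> layout.

SABPAB_PFILE="Library/Preferences/com.apple.PubSabAgent.pfile"   # the backdoor itself
SABPAB_PLIST="Library/LaunchAgents/com.apple.PubSabAgent.plist"   # persistence

# sabpab_scan HOME_DIR
# Prints every artifact present under HOME_DIR.
# Returns 0 if the home is clean, 1 if at least one artifact is present.
sabpab_scan() {
    _home="$1"
    _found=0
    for _rel in "$SABPAB_PFILE" "$SABPAB_PLIST"; do
        if [ -e "$_home/$_rel" ]; then
            echo "FOUND: $_home/$_rel"
            _found=1
        fi
    done
    return "$_found"
}

# sabpab_scan_users USERS_DIR
# Runs sabpab_scan over every home under USERS_DIR (/Users on a live Mac, or
# the Users folder inside a Time Machine snapshot). Returns the number of
# homes that carry the artifacts, so 0 means clean.
sabpab_scan_users() {
    _n=0
    for _h in "$1"/*/; do
        [ -d "$_h" ] || continue
        sabpab_scan "${_h%/}" || _n=$((_n + 1))
    done
    return "$_n"
}

# sabpab_clean HOME_DIR
# On a live system, unloads the launch agent first so the job defined by the
# plist is stopped (run this as the affected user); then deletes both files.
# Deleting the files alone does not terminate an already running backdoor.
# Returns 0 if nothing is left behind.
sabpab_clean() {
    _home="$1"
    _plist="$_home/$SABPAB_PLIST"
    if [ -e "$_plist" ] && command -v launchctl >/dev/null 2>&1; then
        launchctl unload "$_plist" 2>/dev/null || true   # not loaded on a backup copy
    fi
    rm -f "$_home/$SABPAB_PFILE" "$_plist"
    sabpab_scan "$_home" >/dev/null
}

# Usage: sh sabpab_check.sh /Users           scan every home and report
#        sh sabpab_check.sh /Users --clean   scan and remove what is found
# With no arguments the script only defines the functions above.
if [ -n "${1:-}" ]; then
    for _h in "$1"/*/; do
        [ -d "$_h" ] || continue
        if ! sabpab_scan "${_h%/}" && [ "${2:-}" = "--clean" ]; then
            sabpab_clean "${_h%/}" && echo "CLEANED: ${_h%/}"
        fi
    done
fi
```

For a backup, point the script at the Users folder of a snapshot, for example `sh sabpab_check.sh "/Volumes/Backup/Backups.backupdb/<machine>/Latest/<volume>/Users"` (the `Latest` symlink is the standard layout assumed above). Time Machine protects its backup tree with deny ACLs, so `rm` there may be refused even as root; in that case the scan output still tells you which snapshot and user to open in the Time Machine interface and delete the files from, as the article describes.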

Kaspersky Lab chief security expert Alexander Gostev said the SabPub backdoor once again reveals that not a single software environment is invulnerable.

"The relatively low number of malware for Mac OS X does not mean better protection," Gostev said.

"The most recent incidents like Flashfake and SabPub indicate that the personal data of unprotected Mac users is also at risk, either because cybercriminals understand the rising market share of such machines, or because they are hired for the direct task of attacking Apple computers."
