Kaspersky has reported that a new, previously undetected variant of the MaControl backdoor is being used in the wild. The malware arrived as an email attachment and, if installed, connects to a C&C server. More information on the malware, its behaviour, and the attack campaign is available from Kaspersky, who discovered this variant. As more malware authors become motivated to attack OS X, it is likely that we will continue to see targeted attacks such as this in the future.

http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign
http://www.securelist.com/en/blog/208193616/New_MacOS_X_backdoor_variant_used_in_APT_attacks

Cheers,
I will be teaching SANS Sec542 in Minneapolis July, Sec560 in Montreal September, and Sec542 in Vancouver December.
Adrien de Beaupre 353 Posts ISC Handler Jul 5th 2012 |
Jul 5th 2012 9 years ago |
Tis the end of the Golden Era. We will now need to be as vigilant as Windows users. I enjoyed, even relished, the respite, reveled in the immunity that we enjoyed. But, sadly, even this must come to an end.
Life is a bitch, then you get POWNED! |
Bill 5 Posts |
Jul 5th 2012 9 years ago |
I see that this is an application masquerading as a document, not exactly an uncommon trick (which is why I always have show extensions turned on no matter my platform). The articles say it installs itself into the system, but how does it get past the "enter admin account" security barrier? Or does it require the user to enter this information before installing?
That people will do social engineering against all platforms is an unfortunate reality for all of us. But have they found a way to bypass the security layer that is supposed to make you stop and think? Or are they just trying to trick you as always? Nothing in either link clarifies this detail. |
BGC 23 Posts |
Jul 9th 2012 9 years ago |