
    New Mac Trojan Is Latest Attack on Apple Systems

    By Jeff Burt - April 16, 2012

      Just as the Mac Flashback malware has begun to decline, security researchers at Kaspersky Lab, Sophos and Intego are talking about a new Trojan horse that targets Apple Macs using the same security flaw in Java that Flashback exploited.

      The new malware—dubbed “SabPub” by Kaspersky and “Sabpab” by Sophos and Intego—is what the researchers are calling a basic “backdoor” Trojan horse, which can steal information from infected systems.

      “[J]ust like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac,” Graham Cluley, senior technology consultant at Sophos, said in an April 13 post on the company’s NakedSecurity blog. “The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.”

      The Sabpab Trojan creates files and then sends encrypted logs back to the command-and-control (C&C) server, enabling the hackers to monitor the activity on the system, Cluley wrote.

      Costin Raiu, a security expert for Kaspersky, said in an April 15 post on the company’s SecureList blog that researchers there had been watching a fake infected system that they had set up to monitor the malware, which he said linked back to a C&C server that had the same IP address that had been used in other malware samples found targeting Macs last year.

      On April 15, traffic generated by the C&C server changed, indicating that the hackers took over control of the connection and began analyzing the “goat” system that Kaspersky had set up, Raiu said.

      “They listed the contents of the root and home folders and even stole some of the goat documents we put in there,” he wrote. “We are pretty confident the operation of the bot was done manually—which means [there is] a real attacker, who manually checks the infected machines and extracts data from them.”

      What all this means, Raiu wrote, is that SabPub is an advanced-persistent-threat (APT) attack that is in an active stage.

      He wrote that there appear to be at least two variants of the bot, with the earlier version being created in February and the second in March, “and the attackers are using Java exploits to infect … Mac OS X machines.” Raiu said he expects new variants to be released in the next few days and weeks.

      Intego officials on the company’s blog April 16 said that for the time being, the Sabpab Trojan isn’t posing the same risk as Flashback.

      “Initially, the command and control server that this malware tried to connect to was offline, but Intego’s malware researchers have found it to be accessible today,” the Intego officials wrote. “Intego has seen a few samples, but this malware does not yet seem to be widely distributed, and the risk is low.”

      The new malware is coming on the heels of the Flashback exploit, which at one point infected more than 600,000 Macs, or more than 1 percent of all Macs in use worldwide. Officials with security software vendor Symantec said last week that the number of infections has since dropped to 270,000.

      The Flashback infections shook the theory that Macs and other Apple systems were immune to Trojans and other security exploits, and opened up Apple officials to sharp criticism over their slow response to the problem and lack of communication with the security community.

      Oracle, which owns Java, had patched the Java flaw in Windows PCs and other systems weeks earlier, but Apple didn’t send out the patch to its users until April 3, just as security companies like Kaspersky and Dr. Web were saying that the number of infected Macs had grown past 600,000.

      Then, Apple was late in rolling out a tool to detect and remove the Flashback malware, launching it days after others—including Kaspersky, Sophos, Intego and F-Secure—had rolled out their own free offerings.

      The new Mac exploit is also the latest indication that as Apple systems increase in popularity and use in businesses, they will see more attacks by hackers. Sophos’ Cluley said Mac users need to understand this trend.

      “The Sabpab Trojan is not believed to be anything like as widespread as Flashback, but still underlines the importance of protecting Macs against malware with an up-to-date antivirus program and security updates,” he wrote. “It’s time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer.”

      Jeff Burt
      Jeffrey Burt has been with eWEEK since 2000, covering an array of areas that includes servers, networking, PCs, processors, converged infrastructure, unified communications and the Internet of things.
