Mac users believe that their operating system is safe from all sorts of malwares and viruses that other OS suffering from. But such belief has been shattered when it was found out that the OS X has been affected by a trojan called Flashback, which consequently affected more than 600,000 users. Third party applications has been made to detect and remove the trojan and Apple even pushed an update to deal with the matter once and for all. But now according to a new report, a new Mac trojan has been found. More details after the jump.
Securelist's Costin Raiu, a Kaspersky Lab Expert, has found evidence of a new Mac-specific trojan called Backdoor.OSX.SabPub.a which is known as "LuckyCat". The said trojan is said to exploit the vulnerabilities that are found in Microsoft Office for Mac. As with most trojan malware of this nature, this Mac exclusive malware infects a Mac through a Java exploit. Once it has succeeded with its infiltration, the malware is then spread via a vulnerability called "CVE-2009-0563" which is an exploit found in Microsoft Office documents.
It has not yet been determined what's the purpose of the Trojan itself but Securelist has this to say:
We are pretty confident the operation of the bot was done manually -- which means a real attacker, who manually checks the infected machines and extracts data from them.
For over six weeks, the trojan has managed to be hidden on the Mac before it was seemingly activated and commenced extracting data from documents and files of the dummy machine. What's interesting is that the SabPub exploit has one other variant which originated back in 2011 on Windows system which led Securelist to believe that the same entity is behind those attacks.
SabPub is said to be currently active so it is expected that new variants will be released by the attackers over the next few weeks. Is this a signal of a new wave of Mac Trojan attacks on the Mac OS X? [via ModMyi]Contact Us for News Tips, Corrections and Feedback