Monday, December 03, 2012, 03:27 pm PT (06:27 pm ET)
New Mac trojan found to exploit same Java weakness as 'Flashback'A new piece of malware that takes advantage of a well-documented Java vulnerability has been found on a website dedicated to the Dalai Lama, with the trojan able to install itself on an unwitting Mac user's computer to capture keystrokes and other sensitive data.
Screenshot from a Google cache of the gyalwarinpoche.com webpage. | Source: F-Secure
Dubbed "Dockster," the malware was first found by antivirus and security firm Intego to have been uploaded to the VirusTotal detection service on Nov. 30. At the time of its discovery, the remote address associated with trojan was not active, possibly indicating that the code's creators were testing whether it would be detected, but as of this writing the malicious code is now "in the wild."
As noted in a separate report from F-Secure (Flashback exploit from September 2011. Dockster leverages the same Java vulnerability to drop the backdoor onto a Mac, which then executes code to create an agent that feeds keylogs and other sensitive information to an off-site server.
In the case of Flashback, which was also discovered by Intego, a reported 600,000 Macs were affected before both Apple and Oracle released a Java patches to remove the malware and protect against future attacks.
Although the newly-found Dockster takes advantage of an already fixed weakness, users who haven't yet updated their Macs or are running older software may still be at risk.
On Topic: General
- Review: Razer's Kraken Pro analog gaming headset
- Apple hires noted tech journalist Anand Lal Shimpi
- Samsung asks New Yorkers to compare Apple's iPad Air to Galaxy Tab S in new ad
- Apple's mysterious 2-story structure at site of Sept. 9 event drives frenzy even further
- Apple announces Sept. 9 event for expected 'iPhone 6' & 'iWatch' unveiling: 'Wish we could say more'