The latest variant of the attack known as "LuckyCat" was discovered and detailed by Costin Raiu, Kasperskky lab expert. He found that a dummy infected machine was taken over by a remote user who started analyzing the machine and even stole some documents from the Mac.
"We are pretty confident the operation of the bot was done manually â which means a real attacker, who manually checks the infected machines and extracts data from them," Raiu wrote in a post to SecureList.
The new Mac-specific trojan, named "Backdoor.OSX.SabPub.a," uses a Java exploit to infect targeted machine. It spreads through Microsoft Word documents that exploit a vulnerability known as "CVE-2009-0563."
The new trojan is noteworthy because it stayed undetected for more than a month and a half before it came alive and data was manually extracted from the machine. That's different from MaControl, another bot used in attacks discovered in February 2012.
There are currently at least two variants of the "SabPub" trojan, which remains classified as an "active attack." It is expected that new variants of the bot will be released in the coming weeks, as the latest was created in March.
Security on the Mac has been in the spotlight of late as a result of the "Flashback" trojan that infected more than 600,000 Macs worldwide. Apple addressed the issue with a series of software updates last week designed to remove the trojan from affected machines.
The Flashback botnet harvested personal information and Web browsing logs fron infected machines. The trojan, which disguises itself as an Adobe Flash installer, was first discovered last September.
65 Comments
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.
Except for the fact that this trojan uses an Office vulnerability, not Java. Since this attack vector appears to be from 2009 can we assume that current, fully patched systems are safe? I always apply Office patches as soon as they are available.
If you never install Java - you don't expose yourself to these trojan malware.
Apple no longer installs Java on Macs. Java is not present in iOS.
Java is a third party platform - like Flash - that opens up security holes in Mac OS X.
You have to wonder what's going on with Android OS. Aren't most of their Google Play apps Java-based?
Could this article possibly be less useful?
No info on how to detect the trojan, no info on whether the latest patched Java version is still vulnerable, no info on how to get rid of it, no info...no info.
it's not like it's a pc trojan...why is it called as such? it requires manual intervention