New Mac OS X backdoor discovered

Discussion in 'macOS' started by borcanm, Jul 4, 2012.

  1. borcanm macrumors regular

    Nov 4, 2008
    Kaspersky Lab has discovered a new Mac OS X backdoor being used for an Advanced Persistent Threat campaign, creating further concern about the security of Apple's desktop operating system.

    Researchers at the Russian security firm discovered that Uyghur activists in China were being targeted by hackers, who sent customised emails with a zipped attachment containing malicious Mac code, disguised by a jpeg image.

    The code is a new and primarily undetected variant of the MaControl backdoor, which supports both i386 and PowerPC Macs, and once executed, it connects to a Command and Control server, which gives an operator access to files and the ability to run commands on the infected Mac.

    Kasperksy Lab found that the Command and Control server utilised in the infection of its research computer was located in China, suggesting the source of the attack comes from within the restrictive country, where activists frequently risk exposure from targeted malware.

    “Macs are growing in global popularity, even amongst high-profile people. Many choose to use Mac OS X computers because they believe it’s safer,” said Costin Raiu, Director of Global Research & Analysis at Kaspersky Lab. “However, we believe that as the adoption increases for Mac OS X, so will both mass-infection attacks and targeted campaigns. Attackers will continue to refine and enhance their methods to mix exploits and social engineering techniques to try and infect victims. Just like PC malware, this combination is commonly the most effective and cybercriminals will continue to challenge Mac OS X users’ security, both technically and psychologically.”

    Macs were largely considered more secure than Windows-based computers for years, often leading to many users not installing any anti-virus software. However, hackers are beginning to target Apple's software more often and many users are paying the price for security complacency.

    Recently Apple took down a comment from its website which claimed that Macs are not susceptible to the same volume of malware as Windows computers, showing that the company is no longer confident that this is the case.

    Read more:
  2. GGJstudios macrumors Westmere


    May 16, 2008
    Like every other malware threat that has ever been introduced in the wild since Mac OS X was released over 10 years ago, this trojan can be easily avoided by practicing safe computing.

    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
    1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

    2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

    3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

    4. Change your DNS servers to OpenDNS servers by reading this.

    5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

    6. Never let someone else have access to install anything on your Mac.

    7. Don't open files that you receive from unknown or untrusted sources.

    8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.

    9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
    That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. While you may elect to use it, 3rd party antivirus software is not required to keep your Mac malware-free.
  3. borcanm thread starter macrumors regular

    Nov 4, 2008
    ^^^ So your saying its the users fault?

    Users have no fault. They buy a product and expect it to work. Anything short of that is solely on the company.
  4. GGJstudios macrumors Westmere


    May 16, 2008
    I'm saying it's the users' responsibility to take reasonable steps to protect their computers from malware. No computer hardware or software company is responsible for how any customer chooses to use their computer. In the same way, car manufacturers are not responsible for how carefully or recklessly their customers drive.
  5. Jagardn macrumors 6502a

    Apr 18, 2011
    Yup, and it's usually a Windows users own fault when they get a virus or malware.
  6. qCzar macrumors regular

    Feb 27, 2011
    SFBA, CA
    No. That's like saying you drove car without a license and crashed then expect the car manufacturer to pay the ticket and damages. Apple & Microsoft code in safeguards to limit attacks just like car manufacturer's install air bags to limit injury. But those measures only work so well. Just like a computer program, air bags don't form a protective bubble that keeps you safe if you flip, roll and smash into things at high speed.

    Apple has introduced sandboxing processes and applications as well as, in Mountain Lion, Gatekeeper. While Gatekeeper can be disabled, it allows apps signed by Mac Developers to run while preventing or cautioning the user when running unsigned apps. If the user clicks "Continue" on an App Gatekeeper warned about and then becomes infected, it's solely the Users fault.

    To bring this to the post at hand. If a user downloads an infected JPEG image, the computer won't know any different. It will read it as a JPEG and even possibly display an image. All it takes for a trojan to enter the system is as simple as that. Once the JPEG is read, the code is executed. You can't protect against that. Sandboxing should theoretically help but it's not an end-all solution.

Share This Page