Macs under attack from trojan double whammy

Posted by Virus Bulletin on Jun 30, 2008

Two new threats in a week spark worries of approaching Mac malware era.

Users of Apple Mac systems, who have so far received only minimal attention from malware creators, may need to take more care in future, according to some security analysts. The exposure of a significant vulnerability in the operating system and the release of two effective trojans within a week have left some pondering the possible advent of major malware problems for the Mac world.

The most significant threat comes from a trojan toolkit posted online, with its AppleScript source designed to be hidden in any genuine application. Once running, it attempts to exploit several known vulnerabilities, including a recently disclosed privilege escalation flaw, to install keyloggers and remote access tools. While the developers of the trojan have apparently claimed to have intended it merely as a proof of concept, Mac security specialist SecureMac reports sightings of several variants in the wild, and with the source being available and designed to be modular for easy adaptation, it seems likely that more will follow.

A second and less potent threat targeting Mac users was also spotted last week; it relies on social engineering rather than system vulnerabilities to obtain admin credentials on target systems. Having persuaded victims to provide passwords, the malicious program then passes them on to a central point along with other system data.

An initial post on the AppleScript trojan toolkit is at SecureMac here, with more analysis and investigation on the SecurityFix blog here and in the Register here.
