News

Malware identified as latest Mac Trojan targeting activists

Moriah Sargent, Contributor

A new variant of Mac malware Imuler has been identified targeting Tibetan activists. The discovery was made by Bellevue, Wash.-based Apple platform security vendor Intego Inc.

According to a blog post by Lysa Myers, a virus hunter at Intego, the malware has been identified as OSX/Imuler.E, and shows many similarities to OSX/Imuler.D, which also targeted Tibetan activists.

The Imuler backdoor Trojan family was first discovered in Sept. 2011. The variants have targeted activist organizations with emails appearing to contain photographs. Attackers have alternated their tactics between trying to scare or entice the email recipients.

Security experts have warned that the Apple platform is increasingly becoming a target of attacks. Although the Imuler Trojan is typically used in extremely targeted attacks, experts point to Flashback as an example of how attackers can target vulnerabilities in the system or gain access by exploiting flaws in the applications running on the platform. Flashback managed to infect an estimated 700,000 before it was contained. It spread quickly via drive-by attacks.

Once Imuler has infected a machine, it attempts to communicate with a command and control server for further instructions. The Trojan can steal information by searching the system for user data or by taking screenshots.

"This data is then uploaded to the controller's server," wrote Myers. "It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. The backdoor also allows new files to be downloaded onto an affected system."

A reboot cannot remove the malware; instead, the malicious files must be deleted from the infected machine.

