Malware identified as latest Mac Trojan targeting activists

Apple platform security firm Intego has discovered OSX/Imuler.E, a new variant of the Imuler Trojan.

A new variant of Mac malware Imuler has been identified targeting Tibetan activists. The discovery was made by Bellevue, Wash.-based Apple platform security vendor Intego Inc.

According to a blog post by Lysa Myers, a virus hunter at Intego, the malware has been identified as OSX/Imuler.E, and shows many similarities to OSX/Imuler.D, which also targeted Tibetan activists.

The Imuler backdoor Trojan family was first discovered in Sept. 2011. The variants have targeted activist organizations with emails appearing to contain photographs. Attackers have alternated their tactics between trying to scare or entice the email recipients.

Security experts have warned that the Apple platform is increasingly becoming a target of attacks. Although the Imuler Trojan is typically used in extremely targeted attacks, experts point to Flashback as an example of how attackers can target vulnerabilities in the system or gain access by exploiting flaws in the applications running on the platform. Flashback managed to infect an estimated 700,000 Macs before it was contained. It spread quickly via drive-by attacks.

Once Imuler has infected a machine, it attempts to communicate with a command and control server for further instructions. The Trojan can steal information by searching the system for user data or by taking screenshots.

"This data is then uploaded to the controller's server," wrote Myers. "It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. The backdoor also allows new files to be downloaded onto an affected system."

A reboot cannot remove the malware; instead, the malicious files must be deleted from the infected machine.
