A new variant of Mac malware Imuler has been identified targeting Tibetan activists. The discovery was made by Bellevue, Wash.-based Apple platform security vendor Intego Inc.
According to a blog post by Lysa Myers, a virus hunter at Intego, the malware has been identified as OSX/Imuler.E, and
The Imuler backdoor Trojan family was first discovered in Sept. 2011. The variants have targeted activist organizations with emails appearing to contain photographs. Attackers have alternated their tactics between trying to scare the email recipients and trying to entice them.
Security experts have warned that the Apple platform is increasingly becoming a target of attacks. Although the Imuler Trojan is typically used in extremely targeted attacks, experts point to Flashback as an example of how attackers can target vulnerabilities in the system or gain access by exploiting flaws in the applications running on the platform. Flashback managed to infect an estimated 700,000 machines before it was contained. It spread quickly via drive-by attacks.
Once Imuler has infected a machine, it attempts to communicate with a command and control server for further instructions. The Trojan can steal information by searching the system for user data or by taking screenshots.
"This data is then uploaded to the controller's server," wrote Myers. "It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. The backdoor also allows new files to be downloaded onto an affected system."
A reboot does not remove the malware; instead, the malicious files must be deleted from the infected machine.