
Malware identified as latest Mac Trojan targeting activists

Apple platform security firm Intego has discovered OSX/Imuler.E, a new variant of the Imuler Trojan.

A new variant of Mac malware Imuler has been identified targeting Tibetan activists. The discovery was made by Bellevue, Wash.-based Apple platform security vendor Intego Inc.

According to a blog post by Lysa Myers, a virus hunter at Intego, the malware has been identified as OSX/Imuler.E, and shows many similarities to OSX/Imuler.D, which also targeted Tibetan activists.

The Imuler backdoor Trojan family was first discovered in Sept. 2011. The variants have targeted activist organizations with emails appearing to contain photographs. Attackers have alternated their tactics between trying to scare or entice the email recipients.

Security experts have warned that the Apple platform is increasingly becoming a target of attacks. Although the Imuler Trojan is typically used in extremely targeted attacks, experts point to Flashback as an example of how attackers can target vulnerabilities in the system or gain access by exploiting flaws in the applications running on the platform.  Flashback managed to infect an estimated 700,000 before it was contained. It spread quickly via drive-by attacks.  

Once Imuler has infected a machine, it attempts to communicate with a command and control server for further instructions. The Trojan can steal information by searching the system for user data or by taking screenshots.

"This data is then uploaded to the controller's server," wrote Myers. "It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. The backdoor also allows new files to be downloaded onto an affected system."

A reboot cannot remove the malware; instead, the malicious files must be deleted from the infected machine.
