Office based Trojan threat for Mac OS X by Chinese hackers
Security company ESET watches the newly found Trojan for OS X establish connections and receive commands to steal information. Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations).
The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it.
During installation on a Windows system, the payload deployed was a variant of Gh0st RAT (Remote Access Trojan). On the Mac though, a new payload, dubbed OSX/Lamadai.A, was used.
ESET observed that once the Trojan installs it will establish a connection to a hard-coded remote C&C server located in China, and will wait in "busy" loop where it attempts to maintain its connection with the server.
The server can then be used to issue commands to the infected system for uploading or downloading files, or execute scripts and commands the basics for allowing someone to remotely target a system, browse around on it, and steal information.
The command-and-control domain involved in the attack is located in China and the attack exploits a three-year-old vulnerability which no one could be bothered to fix.