Office-based Trojan threat for Mac OS X by Chinese hackers
Security company ESET watches the newly found Trojan for OS X establish connections and receive commands to steal information. Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations).
The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it.
On a Windows system, the payload deployed during installation was a variant of Gh0st RAT (Remote Access Trojan). On the Mac, though, a new payload, dubbed OSX/Lamadai.A, was used.
ESET observed that once the Trojan installs, it establishes a connection to a hard-coded remote C&C server located in China and waits in a "busy" loop in which it attempts to maintain its connection with the server.
The server can then be used to issue commands to the infected system for uploading or downloading files, or for executing scripts and commands: the basics for allowing someone to remotely target a system, browse around on it, and steal information.
The command-and-control domain involved in the attack is located in China and the attack exploits a three-year-old vulnerability which no one could be bothered to fix.