A new piece of Mac OS malware called OSX/Leverage.A has been discovered. It appears to be yet another targeted command-and-control Trojan horse that creates a backdoor on an affected user's machine.
The Trojan is named 'Leverage' because it is distributed as an application disguised as a picture of two people kissing, possibly a scene from the television show "Leverage".
The attack is launched via a Java applet from a compromised website, which drops a Java archive containing the backdoor onto the visitor's computer and launches it without user interaction.
To perform the attack, the malware uses two recently disclosed Java vulnerabilities known as CVE-2013-2465 and CVE-2013-2471. Once it is installed, the Trojan connects to the C&C server on port 7777.
Security vendor Intego said that the malware is linked to the Syrian Electronic Army (SEA), because after installation it attempts to download an image associated with the Syrian Electronic Army. The hacker group denies accusations that it engaged in the manufacture of such malware.
Moreover, according to a security researcher, the malware is similar to what was used in a phishing attack by the Syrian hackers against The New York Times, Outbrain, and The Washington Post.
Although this new malware is out there, the threat level appears to be low and it has affected a few people. Apple has now updated XProtect to detect Leverage and prevent it from launching.