New Mac OS Malware exploited two known Java vulnerabilities
Sep 24, 2013
A new Mac OS Malware has been discovered called OSX/Leverage . A , which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user's machine. The Trojan named ' Leverage ' because the Trojan horse is distributed as an application disguised as a picture of two people kissing, possibly a scene from the television show " Leverage ". The attack launched via a Java applet from a compromised website and which drops a Java archive with the backdoor to the visitor's computer and launches it without a user intercation. To perform the attack, Malware uses two recently disclosed Java vulnerabilies known as CVE-2013-2465 and CVE-2013-2471. Once it's installed, the Trojan connects to the C&C server on port 7777. Security vendor Intego said that Malware linked to Syrian Electronic Army (SEA) , because after installation Malware attempt to download an image associated with the Syrian Electronic...
