New Mac malware from Russia targets your saved passwords and iPhone backups

It used to be that Mac computers were immune from the vast majority of viruses and malware plaguing Windows and other platforms. But as Apple’s products have been growing in popularity, hackers and malware developers have been increasingly targeting macOS.


The malware, known as XAgent, can be customized to create a perfect backdoor entry into a Mac, allowing hackers to steal iOS backups that are stored on the Mac, log passwords, and even take pictures of the display. The findings come from the research firm Bitdefender.

It must be noted that there are already a handful of malicious services that are linked to APT28, including Sofacy, Sednit, Fancy Bear, and Pawn Storm. The findings reveal that XAgent has a file path in its binaries that is very similar to the one in Komplex, a trojan that piggybacks off of Sofacy. A more recent discovery indicates that the latest Mac malware is being planted onto machines with the help of Komplex.

“For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel,” noted researchers.

Bitdefender has not yet determined how the new malware spreads, as it is still analyzing XAgent, but we’ll make sure to update the article with further information once it becomes available. For the time being, be sure to adjust your Gatekeeper settings so that your Mac cannot download and execute apps from unidentified developers.

Bitdefender had this to say in its report: “Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation. For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel.”

[Via Ars Technica]


